diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2019-02-01 14:55:45 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2019-02-01 14:55:45 +0000 |
| commit | 5601be3b01d73e21c09331599e2ce62df016ff94 (patch) | |
| tree | 7f2d40105790eea7e4bf4132ce10cda5e1400600 /scripts/dump-guest-memory.py | |
| parent | 4977986ca38fb1d5357532e1a8032b984047a369 (diff) | |
| download | qemu-5601be3b01d73e21c09331599e2ce62df016ff94.zip qemu-5601be3b01d73e21c09331599e2ce62df016ff94.tar.gz qemu-5601be3b01d73e21c09331599e2ce62df016ff94.tar.bz2 | |
exec.c: Don't reallocate IOMMUNotifiers that are in use
The tcg_register_iommu_notifier() code has a GArray of
TCGIOMMUNotifier structs which it has registered by passing
memory_region_register_iommu_notifier() a pointer to the embedded
IOMMUNotifier field. Unfortunately, if we need to enlarge the
array via g_array_set_size() this can cause a realloc(), which
invalidates the pointer that memory_region_register_iommu_notifier()
put into the MemoryRegion's iommu_notify list. This can result
in segfaults.
Switch the GArray to holding pointers to the TCGIOMMUNotifier
structs, so that we can individually allocate and free them.
Cc: qemu-stable@nongnu.org
Fixes: 1f871c5e6b0f30644a60a ("exec.c: Handle IOMMUs in address_space_translate_for_iotlb()")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190128174241.5860-1-peter.maydell@linaro.org
Diffstat (limited to 'scripts/dump-guest-memory.py')
0 files changed, 0 insertions, 0 deletions