From: Zhenzhong Duan <zhenzhong.d...@intel.com>
During address space unmap, corresponding IOVA tree entries are
also removed. But DMAMap is set beyond notifier's scope by 1, so
in theory there is possibility to remove a continuous entry above
the notifier's scope but falling in adjacent notifier's scope.
There is no issue currently as no use cases allocate notifiers
continuously, but let's be robust.
Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com>
Reviewed-by: Peter Xu <pet...@redhat.com>
Message-Id: <20230615032626.314476-4-zhenzhong.d...@intel.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
---
hw/i386/intel_iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index f046f85913..dcc334060c 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3791,7 +3791,7 @@ static void vtd_address_space_unmap(VTDAddressSpace *as,
IOMMUNotifier *n)
n->start, size);
map.iova = n->start;
- map.size = size;
+ map.size = size - 1; /* Inclusive */
iova_tree_remove(as->iova_tree, map);
}
--
MST
