From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 15 Jun 2023 03:26:26 +0000 (+0800)
Subject: intel_iommu: Fix address space unmap
X-Git-Tag: v8.1.0-rc0~42^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ebe1504e10f771f4fc5d005a6d1ed3f30e3ad428;p=thirdparty%2Fqemu.git

intel_iommu: Fix address space unmap

During address space unmap, corresponding IOVA tree entries are
also removed. But DMAMap is set beyond notifier's scope by 1, so
in theory there is possibility to remove a continuous entry above
the notifier's scope but falling in adjacent notifier's scope.

There is no issue currently as no use cases allocate notifiers
continuously, but let's be robust.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-Id: <20230615032626.314476-4-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index f046f859133..dcc334060cd 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3791,7 +3791,7 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n)
                              n->start, size);
 
     map.iova = n->start;
-    map.size = size;
+    map.size = size - 1; /* Inclusive */
     iova_tree_remove(as->iova_tree, map);
 }