On 10/20/2010 10:26 AM, Sheng Yang wrote:
We need to query the entry later. +struct kvm_kernel_irq_routing_entry *kvm_get_irq_routing_entry(struct kvm *kvm, + int gsi) +{ + int count = 0; + struct kvm_kernel_irq_routing_entry *ei = NULL; + struct kvm_irq_routing_table *irq_rt; + struct hlist_node *n; + + rcu_read_lock(); + irq_rt = rcu_dereference(kvm->irq_routing); + if (gsi< irq_rt->nr_rt_entries) + hlist_for_each_entry(ei, n,&irq_rt->map[gsi], link) + count++; + rcu_read_unlock(); + if (count == 1) + return ei; + + return NULL; +} +
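Review bot: returning `ei` after `rcu_read_unlock()` hands the caller a pointer that RCU no longer protects, so a concurrent routing-table update can free the entry before the caller dereferences it (the `rcu_read_unlock(); if (count == 1) return ei;` sequence at the end of `kvm_get_irq_routing_entry()`). Either document that callers must hold `rcu_read_lock()` across both the call and every use of the result, or copy the needed fields into a caller-supplied `struct kvm_kernel_irq_routing_entry` while the read lock is held and return a status instead of the pointer. A short comment would also help on why `count != 1` yields NULL: a GSI with several routing entries is silently reported as not found, which callers may not expect.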
I believe this is incorrect rcu usage. rcu_read_lock() prevents ei from being destroyed under us, but rcu_read_unlock() removes that protection, and a future dereference of ei may access freed memory.
-- error compiling committee.c: too many arguments to function