On Wednesday 20 October 2010 16:53:02 Avi Kivity wrote:
> On 10/20/2010 10:26 AM, Sheng Yang wrote:
> > We need to query the entry later.
> >
> >
> > +struct kvm_kernel_irq_routing_entry *kvm_get_irq_routing_entry(struct kvm *kvm,
> > +		int gsi)
> > +{
> > +	int count = 0;
> > +	struct kvm_kernel_irq_routing_entry *ei = NULL;
> > +	struct kvm_irq_routing_table *irq_rt;
> > +	struct hlist_node *n;
> > +
> > +	rcu_read_lock();
> > +	irq_rt = rcu_dereference(kvm->irq_routing);
> > +	if (gsi< irq_rt->nr_rt_entries)
> > +		hlist_for_each_entry(ei, n,&irq_rt->map[gsi], link)
> > +			count++;
> > +	rcu_read_unlock();
> > +	if (count == 1)
> > +		return ei;
> > +
> > +	return NULL;
> > +}
> > +
>
> I believe this is incorrect rcu usage.  rcu_read_lock() prevents ei from
> being destroyed under us, but rcu_read_unlock() removes that protection,
> and a future dereference of ei may access freed memory.

Yes... I would update the patch by copying it to the caller's variable.

--
regards
Yang, Sheng
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
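Review bot: in kvm_get_irq_routing_entry() the pointer ei is handed back after rcu_read_unlock(), so the caller can dereference an entry that a concurrent routing-table update has already freed; either have the caller hold the RCU read-side critical section for as long as it uses the entry, or copy the entry's fields into a caller-supplied struct kvm_kernel_irq_routing_entry before the `rcu_read_unlock();` line, as the follow-up reply proposes. The `if (count == 1)` check also silently returns NULL when a gsi maps to more than one entry, which deserves a comment so callers do not mistake that for "gsi not routed".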