Li Zhijian <[email protected]> 于2020年8月21日周五 下午7:34写道: > > we go here either (!(*iov)[i].iov_base) or (len != l), so we need to consider > to unmap the 'i'th item as well when the 'i'th item is not nil > > Signed-off-by: Li Zhijian <[email protected]> > > --- > v2: address Gerd's comments > --- > hw/display/virtio-gpu.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c > index 5f0dd7c150..e93f99932a 100644 > --- a/hw/display/virtio-gpu.c > +++ b/hw/display/virtio-gpu.c > @@ -656,6 +656,9 @@ int virtio_gpu_create_mapping_iov(VirtIOGPU *g, > qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory > for" > " resource %d element %d\n", > __func__, ab->resource_id, i); > + if ((*iov)[i].iov_base) { > + i++; /* cleanup the 'i'th map */
Should we also reset (*iov)[i].iov_len to 'len' so the dma_memory_unmap has the right size? Thanks, Li Qiang > + } > virtio_gpu_cleanup_mapping_iov(g, *iov, i); > g_free(ents); > *iov = NULL; > -- > 2.17.1 > > > >
