intel_iommu: Fix address space unmap

During address space unmap, corresponding IOVA tree entries are also removed. But DMAMap is set beyond notifier's scope by 1, so in theory there is possibility to remove a continuous entry above the notifier's scope but falling in adjacent notifier's scope. There is no issue currently as no use cases allocate notifiers continuously, but let's be robust. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Peter Xu <peterx@redhat.com> Message-Id: <20230615032626.314476-4-zhenzhong.duan@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
author: Zhenzhong Duan <zhenzhong.duan@intel.com> 2023-06-15 11:26:26 +0800
committer: Michael S. Tsirkin <mst@redhat.com> 2023-06-26 09:50:00 -0400
commit: ebe1504e10f771f4fc5d005a6d1ed3f30e3ad428 (patch)
tree: d800efcb6edd745a53e1f0bb1a89dda6e5d24277 /hw
parent: ce735ff03349eeac9efe59c118d78f088a151ec4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index f046f85913..dcc334060c 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3791,7 +3791,7 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, IOMMUNotifier *n)
                              n->start, size);
 
     map.iova = n->start;
-    map.size = size;
+    map.size = size - 1; /* Inclusive */
     iova_tree_remove(as->iova_tree, map);
 }
author	Zhenzhong Duan <zhenzhong.duan@intel.com>	2023-06-15 11:26:26 +0800
committer	Michael S. Tsirkin <mst@redhat.com>	2023-06-26 09:50:00 -0400
commit	ebe1504e10f771f4fc5d005a6d1ed3f30e3ad428 (patch)
tree	d800efcb6edd745a53e1f0bb1a89dda6e5d24277 /hw
parent	ce735ff03349eeac9efe59c118d78f088a151ec4 (diff)