vfio/pci: Fix null pointer deference from error API

Message ID	20240912051734.5298-1-jim.shu@sifive.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Jim Shu <jim.shu@sifive.com> To: qemu-devel@nongnu.org Cc: Alex Williamson <alex.williamson@redhat.com>, =?utf-8?q?C=C3=A9dric_Le_G?= =?utf-8?q?oater?= <clg@redhat.com>, Jim Shu <jim.shu@sifive.com> Subject: [PATCH] vfio/pci: Fix null pointer deference from error API Date: Thu, 12 Sep 2024 13:17:34 +0800 Message-Id: <20240912051734.5298-1-jim.shu@sifive.com> Received-SPF: pass client-ip=2607:f8b0:4864:20::1033; envelope-from=jim.shu@sifive.com; helo=mail-pj1-x1033.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Series	vfio/pci: Fix null pointer deference from error API \| expand vfio/pci: Fix null pointer deference from error API

Message ID

20240912051734.5298-1-jim.shu@sifive.com

State

New

Headers

From: Jim Shu <jim.shu@sifive.com>
To: qemu-devel@nongnu.org
Cc: Alex Williamson <alex.williamson@redhat.com>, =?utf-8?q?C=C3=A9dric_Le_G?=
	=?utf-8?q?oater?= <clg@redhat.com>, Jim Shu <jim.shu@sifive.com>
Subject: [PATCH] vfio/pci: Fix null pointer deference from error API
Date: Thu, 12 Sep 2024 13:17:34 +0800
Message-Id: <20240912051734.5298-1-jim.shu@sifive.com>
Received-SPF: pass client-ip=2607:f8b0:4864:20::1033;
 envelope-from=jim.shu@sifive.com; helo=mail-pj1-x1033.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Series

vfio/pci: Fix null pointer deference from error API | expand

pci_dev_realize() use the local error variable, which requires `error_setg()` API to allocate the error object at first. Signed-off-by: Jim Shu <jim.shu@sifive.com> --- hw/vfio/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Cédric Le Goater Sept. 12, 2024, 6:18 a.m. UTC | #1

Hello Jim,

On 9/12/24 07:17, Jim Shu wrote:
> pci_dev_realize() use the local error variable, which requires
> `error_setg()` API to allocate the error object at first.
> 
> Signed-off-by: Jim Shu <jim.shu@sifive.com>
> ---
>   hw/vfio/pci.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 0a99e55247..d994ad8bb9 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -3117,7 +3117,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
>   
>       if (!vbasedev->mdev &&
>           !pci_device_set_iommu_device(pdev, vbasedev->hiod, errp)) {

'errp' will be set by pci_device_set_iommu_device() in case of
failure and, in this case, calling error_prepend() is a valid
thing to do. I think we are fine.

Thanks,

C.



> -        error_prepend(errp, "Failed to set iommu_device: ");
> +        error_setg(errp, "Failed to set iommu_device: ");
>           goto out_teardown;
>       }
>

Jim Shu Sept. 12, 2024, 6:36 a.m. UTC | #2

Hi Cédric,

Thank you very much for the quick response!

I have checked the error API again. It seems to be my porting issue of
set_iommu_device() callback.
I think "pci_device_set_iommu_device(..., *errp)" should set 'errp' if
this function returns false, right?

Thanks,
Jim

On Thu, Sep 12, 2024 at 2:18 PM Cédric Le Goater <clg@redhat.com> wrote:
>
> Hello Jim,
>
> On 9/12/24 07:17, Jim Shu wrote:
> > pci_dev_realize() use the local error variable, which requires
> > `error_setg()` API to allocate the error object at first.
> >
> > Signed-off-by: Jim Shu <jim.shu@sifive.com>
> > ---
> >   hw/vfio/pci.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> > index 0a99e55247..d994ad8bb9 100644
> > --- a/hw/vfio/pci.c
> > +++ b/hw/vfio/pci.c
> > @@ -3117,7 +3117,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
> >
> >       if (!vbasedev->mdev &&
> >           !pci_device_set_iommu_device(pdev, vbasedev->hiod, errp)) {
>
> 'errp' will be set by pci_device_set_iommu_device() in case of
> failure and, in this case, calling error_prepend() is a valid
> thing to do. I think we are fine.
>
> Thanks,
>
> C.
>
>
>
> > -        error_prepend(errp, "Failed to set iommu_device: ");
> > +        error_setg(errp, "Failed to set iommu_device: ");
> >           goto out_teardown;
> >       }
> >
>

Cédric Le Goater Sept. 12, 2024, 9:56 a.m. UTC | #3

Hello Jim,

On 9/12/24 08:36, Jim Shu wrote:
> Hi Cédric,
> 
> Thank you very much for the quick response!
> 
> I have checked the error API again. It seems to be my porting issue of
> set_iommu_device() callback.

Are you adding support for a new IOMMU ?

> I think "pci_device_set_iommu_device(..., *errp)" should set 'errp' if
> this function returns false, right?

yes, this is a requirement for routines using an Error parameter.
You can take a look at the "= Rules =" section in include/qapi/error.h
for more info.

Thanks,

C.

Jim Shu Sept. 13, 2024, 1:37 p.m. UTC | #4

On Thu, Sep 12, 2024 at 5:56 PM Cédric Le Goater <clg@redhat.com> wrote:
>
> Hello Jim,
>
> On 9/12/24 08:36, Jim Shu wrote:
> > Hi Cédric,
> >
> > Thank you very much for the quick response!
> >
> > I have checked the error API again. It seems to be my porting issue of
> > set_iommu_device() callback.
>
> Are you adding support for a new IOMMU ?

Yes, I am working on RISC-V IOMMU support, based on Zhenzhong's
iommufd nesting series [1] and RISC-V IOMMU patch v7.
[1] https://github.com/yiliu1765/qemu/commits/zhenzhong/iommufd_nesting_rfcv2

>
> > I think "pci_device_set_iommu_device(..., *errp)" should set 'errp' if
> > this function returns false, right?
>
> yes, this is a requirement for routines using an Error parameter.
> You can take a look at the "= Rules =" section in include/qapi/error.h
> for more info.

Thanks for the information! I will take a look.

>
> Thanks,
>
> C.
>

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 0a99e55247..d994ad8bb9 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3117,7 +3117,7 @@  static void vfio_realize(PCIDevice *pdev, Error **errp)
 
     if (!vbasedev->mdev &&
         !pci_device_set_iommu_device(pdev, vbasedev->hiod, errp)) {
-        error_prepend(errp, "Failed to set iommu_device: ");
+        error_setg(errp, "Failed to set iommu_device: ");
         goto out_teardown;
     }

vfio/pci: Fix null pointer deference from error API

Commit Message

Comments

Patch