[PATCH RESEND 1/3] vfio/pci: fix a null pointer reference in vfio_rom

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH RESEND 1/3] vfio/pci: fix a null pointer reference in vfio_rom_re

From:	Longpeng(Mike)
Subject:	[PATCH RESEND 1/3] vfio/pci: fix a null pointer reference in vfio_rom_read
Date:	Mon, 24 Feb 2020 14:42:17 +0800

From: Longpeng <address@hidden>

vfio_pci_load_rom() maybe failed and then the vdev->rom is NULL in
some situation (though I've not encountered yet), maybe we should
avoid the VM abort.

Signed-off-by: Longpeng <address@hidden>
---
 hw/vfio/pci.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 5e75a95..ed798ae 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -768,7 +768,7 @@ static void vfio_update_msi(VFIOPCIDevice *vdev)
     }
 }
 
-static void vfio_pci_load_rom(VFIOPCIDevice *vdev)
+static bool vfio_pci_load_rom(VFIOPCIDevice *vdev)
 {
     struct vfio_region_info *reg_info;
     uint64_t size;
@@ -778,7 +778,7 @@ static void vfio_pci_load_rom(VFIOPCIDevice *vdev)
     if (vfio_get_region_info(&vdev->vbasedev,
                              VFIO_PCI_ROM_REGION_INDEX, &reg_info)) {
         error_report("vfio: Error getting ROM info: %m");
-        return;
+        return false;
     }
 
     trace_vfio_pci_load_rom(vdev->vbasedev.name, (unsigned long)reg_info->size,
@@ -797,7 +797,7 @@ static void vfio_pci_load_rom(VFIOPCIDevice *vdev)
         error_printf("Device option ROM contents are probably invalid "
                     "(check dmesg).\nSkip option ROM probe with rombar=0, "
                     "or load from file with romfile=\n");
-        return;
+        return false;
     }
 
     vdev->rom = g_malloc(size);
@@ -849,6 +849,8 @@ static void vfio_pci_load_rom(VFIOPCIDevice *vdev)
             data[6] = -csum;
         }
     }
+
+    return true;
 }
 
 static uint64_t vfio_rom_read(void *opaque, hwaddr addr, unsigned size)
@@ -863,8 +865,9 @@ static uint64_t vfio_rom_read(void *opaque, hwaddr addr, 
unsigned size)
     uint64_t data = 0;
 
     /* Load the ROM lazily when the guest tries to read it */
-    if (unlikely(!vdev->rom && !vdev->rom_read_failed)) {
-        vfio_pci_load_rom(vdev);
+    if (unlikely(!vdev->rom && !vdev->rom_read_failed) &&
+        !vfio_pci_load_rom(vdev)) {
+        return 0;
     }
 
     memcpy(&val, vdev->rom + addr,
-- 
1.8.3.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH RESEND 0/3] fix some warnings by static code scan tool, Longpeng(Mike), 2020/02/24
- [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log, Longpeng(Mike), 2020/02/24
- [PATCH RESEND 1/3] vfio/pci: fix a null pointer reference in vfio_rom_read, Longpeng(Mike) <=
  - Re: [PATCH RESEND 1/3] vfio/pci: fix a null pointer reference in vfio_rom_read, Alex Williamson, 2020/02/24
    - Re: [PATCH RESEND 1/3] vfio/pci: fix a null pointer reference in vfio_rom_read, Longpeng (Mike, Cloud Infrastructure Service Product Dept.), 2020/02/24
- [PATCH RESEND 3/3] util/pty: fix a null pointer reference in qemu_openpty_raw, Longpeng(Mike), 2020/02/24

Prev by Date: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log
Next by Date: [PATCH RESEND 3/3] util/pty: fix a null pointer reference in qemu_openpty_raw
Previous by thread: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log
Next by thread: Re: [PATCH RESEND 1/3] vfio/pci: fix a null pointer reference in vfio_rom_read
Index(es):
- Date
- Thread