VFIO fixes 2017-07-26

- Error path use after free bug fixes (Philippe Mathieu-Daudé) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iQIcBAABAgAGBQJZeNYMAAoJECObm247sIsi33UQAJyGyE/szH8Z2wJAuY1poK+6 OLw65KtGpCNLKt9+DEt1y0aA5arK/rjrLmdn/7D+A1IHLHbQcb/C+PvMhv5Mo2s0 SckwUmgL9hohgvpcJuybNpLs1IFbEUt2IekEkczwYoVrGZXh3DlNaxPh+PVz80kt P0Lp/EQ9lvKNxbvZq+D6jHDkt0ICheqI43nA641qxpDlZq7DfnQdkuNFJq0ZPe+k QKW0FkwfEG5mmofVhq6+xu0IyuVDJJmyqcrYB+rUCk2amKOMkzSpzxjOPPiEP4u2 XBIvmNWjhZwptIBV6o42ASi2zwv7k7l+yCw94EY89nlCqDHGXH6OyXxF99Sua94D h5oV5mq0Bx/xK6wt22RCOgwt1xaHakjuoV2vFheyNA5K2C+s1sWv03TrarxHC8PI vuZFlRwBhiiFcAVc0/RMUvP6kqSpr0taEetnCEc7WS6zlXls98BtoH/Cc/YeZah9 ybL1VZ75Hz5DpdsXyFQoeC2Hiap+AVEXpAqrPVwdVe2LkRpP5015u5qMATSfo3kV SmF1hCN7300omp24LReEqFvhlaRW7whkFlDF0UzF6cg2vXQXtxB0MauwcmXuZ+cZ laUcqyXkwZsy83fZwiQKXsHIzy8WiR8XP4yyihMYPSIP7WL41Al1gRROX5aSr5R+ fGRdLrZ3AooByfFF7l8T =zmWF -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20170726.0' into staging VFIO fixes 2017-07-26 - Error path use after free bug fixes (Philippe Mathieu-Daudé) # gpg: Signature made Wed 26 Jul 2017 18:49:00 BST # gpg: using RSA key 0x239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" # gpg: aka "Alex Williamson <alex@shazbot.org>" # gpg: aka "Alex Williamson <alwillia@redhat.com>" # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-fixes-20170726.0: vfio/pci: fix use of freed memory vfio/platform: fix use of freed memory Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-11-29 06:20:26 +00:00 · 2017-07-27 10:49:05 +01:00 · 2017-07-27 10:49:05 +01:00 · 6be37cc583
commit 6be37cc583
parent 2dca6d9e7e 96d2c2c574
2 changed files with 8 additions and 5 deletions
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@ -257,7 +257,7 @@ static void vfio_intx_update(PCIDevice *pdev)
 static int vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp)
 {
    uint8_t pin = vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1);
-    int ret, argsz;
+    int ret, argsz, retval = 0;
    struct vfio_irq_set *irq_set;
    int32_t *pfd;
    Error *err = NULL;
@ -302,12 +302,12 @@ static int vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp)
    qemu_set_fd_handler(*pfd, vfio_intx_interrupt, NULL, vdev);
    ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_SET_IRQS, irq_set);
    g_free(irq_set);
    if (ret) {
        error_setg_errno(errp, -ret, "failed to setup INTx fd");
        qemu_set_fd_handler(*pfd, NULL, NULL, vdev);
        event_notifier_cleanup(&vdev->intx.interrupt);
-        return -errno;
+        retval = -errno;
        goto cleanup;
    }
    vfio_intx_enable_kvm(vdev, &err);
@ -319,7 +319,10 @@ static int vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp)
    trace_vfio_intx_enable(vdev->vbasedev.name);
-    return 0;
+cleanup:
    g_free(irq_set);
    return retval;
 }
 static void vfio_intx_disable(VFIOPCIDevice *vdev)
--- a/hw/vfio/platform.c
+++ b/hw/vfio/platform.c
@ -120,11 +120,11 @@ static int vfio_set_trigger_eventfd(VFIOINTp *intp,
    *pfd = event_notifier_get_fd(intp->interrupt);
    qemu_set_fd_handler(*pfd, (IOHandler *)handler, NULL, intp);
    ret = ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
    g_free(irq_set);
    if (ret < 0) {
        error_report("vfio: Failed to set trigger eventfd: %m");
        qemu_set_fd_handler(*pfd, NULL, NULL, NULL);
    }
    g_free(irq_set);
    return ret;
 }