mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8af87a3ec7
qemu/hw/vfio
History
Avihai Horon 8af87a3ec7 vfio: Fix null pointer dereference bug in vfio_bars_finalize() 
vfio_realize() has the following flow:
1. vfio_bars_prepare() -- sets VFIOBAR->size.
2. msix_early_setup().
3. vfio_bars_register() -- allocates VFIOBAR->mr.

After vfio_bars_prepare() is called msix_early_setup() can fail. If it
does fail, vfio_bars_register() is never called and VFIOBAR->mr is not
allocated.

In this case, vfio_bars_finalize() is called as part of the error flow
to free the bars' resources. However, vfio_bars_finalize() calls
object_unparent() for VFIOBAR->mr after checking only VFIOBAR->size, and
thus we get a null pointer dereference.

Fix it by checking VFIOBAR->mr in vfio_bars_finalize().

Fixes: 89d5202edc ("vfio/pci: Allow relocating MSI-X MMIO")
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
2023-07-10 09:52:52 +02:00
..
amd-xgbe.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
ap.c target/s390x: move kvm files into kvm/ 2021-07-07 14:01:59 +02:00
calxeda-xgmac.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
ccw.c hw/vfio/ccw: Replace DO_UPCAST(VFIOCCWDevice) by VFIO_CCW() 2023-02-27 09:15:38 +01:00
common.c vfio/migration: Change vIOMMU blocker from global to per device 2023-07-10 09:52:52 +02:00
display.c *: Add missing includes of qemu/error-report.h 2023-03-22 15:06:57 +00:00
igd.c *: Add missing includes of qemu/error-report.h 2023-03-22 15:06:57 +00:00
Kconfig hw/vfio: Move the IGD quirk code to a separate file 2020-02-06 11:55:42 -07:00
meson.build vfio: Add migration region initialization and finalize function 2020-11-01 12:30:50 -07:00
migration.c vfio/migration: Return bool type for vfio_migration_realize() 2023-07-10 09:52:52 +02:00
pci-quirks.c hw/vfio/pci-quirks: Sanitize capability pointer 2023-07-10 09:52:52 +02:00
pci.c vfio: Fix null pointer dereference bug in vfio_bars_finalize() 2023-07-10 09:52:52 +02:00
pci.h vfio/pci: add support for VF token 2023-05-09 09:30:13 -06:00
platform.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
spapr.c Replace qemu_real_host_page variables with inlined functions 2022-04-06 10:50:38 +02:00
trace-events vfio/migration: Make VFIO migration non-experimental 2023-06-30 06:02:51 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00