Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log

From:	Longpeng (Mike, Cloud Infrastructure Service Product Dept.)
Subject:	Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log
Date:	Tue, 10 Mar 2020 10:11:49 +0800
User-agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Hi Michael,

ping...

On 2020/2/24 14:42, Longpeng(Mike) wrote:
> From: Longpeng <address@hidden>
> 
> vhost_log_alloc() may fails and returned pointer of log is null.
> However there're two places derefernce the return pointer without
> check.
> 
> Signed-off-by: Longpeng <address@hidden>
> ---
>  hw/virtio/vhost.c | 19 +++++++++++++++++--
>  1 file changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> index 9edfadc..c7ad6e5 100644
> --- a/hw/virtio/vhost.c
> +++ b/hw/virtio/vhost.c
> @@ -219,6 +219,10 @@ static struct vhost_log *vhost_log_get(uint64_t size, 
> bool share)
>  
>      if (!log || log->size != size) {
>          log = vhost_log_alloc(size, share);
> +        if (!log) {
> +            return NULL;
> +        }
> +
>          if (share) {
>              vhost_log_shm = log;
>          } else {
> @@ -270,10 +274,17 @@ static bool vhost_dev_log_is_shared(struct vhost_dev 
> *dev)
>  
>  static inline void vhost_dev_log_resize(struct vhost_dev *dev, uint64_t size)
>  {
> -    struct vhost_log *log = vhost_log_get(size, 
> vhost_dev_log_is_shared(dev));
> -    uint64_t log_base = (uintptr_t)log->log;
> +    struct vhost_log *log;
> +    uint64_t log_base;
>      int r;
>  
> +    log = vhost_log_get(size, vhost_dev_log_is_shared(dev));
> +    if (!log) {
> +        return;
> +    }
> +
> +    log_base = (uintptr_t)log->log;
> +
>      /* inform backend of log switching, this must be done before
>         releasing the current log, to ensure no logging is lost */
>      r = dev->vhost_ops->vhost_set_log_base(dev, log_base, log);
> @@ -1640,6 +1651,10 @@ int vhost_dev_start(struct vhost_dev *hdev, 
> VirtIODevice *vdev)
>          hdev->log_size = vhost_get_log_size(hdev);
>          hdev->log = vhost_log_get(hdev->log_size,
>                                    vhost_dev_log_is_shared(hdev));
> +        if (!hdev->log) {
> +            goto fail_vq;
> +        }
> +
>          log_base = (uintptr_t)hdev->log->log;
>          r = hdev->vhost_ops->vhost_set_log_base(hdev,
>                                                  hdev->log_size ? log_base : 
> 0,
> 

-- 
---
Regards,
Longpeng(Mike)

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log, Longpeng (Mike, Cloud Infrastructure Service Product Dept.) <=
- Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log, Michael S. Tsirkin, 2020/03/10
  - Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log, Longpeng (Mike, Cloud Infrastructure Service Product Dept.), 2020/03/10
    - Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log, Michael S. Tsirkin, 2020/03/10
    - Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log, Longpeng (Mike), 2020/03/10
    - Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log, Michael S. Tsirkin, 2020/03/10

Prev by Date: Re: [PATCH] qcow2: remove QCowL2Meta parameter from handle_copied
Next by Date: Re: [PATCH 00/14]: hw/i386/vmport: Bug fixes and improvements
Previous by thread: [PATCH] i386/kvm: Add CPU property to expose VMware CPUID signature
Next by thread: Re: [PATCH RESEND 2/3] vhost: fix a null pointer reference of vhost_log
Index(es):
- Date
- Thread