Subject: Re: [PULL v3 04/32] vfio: Add migration region initialization and finalize function
From: Alex Williamson
Date: Thu, 5 Nov 2020 17:32:10 -0700
On Thu, 5 Nov 2020 23:55:32 +0000
Peter Maydell <peter.maydell@linaro.org> wrote:
> On Sun, 1 Nov 2020 at 21:02, Alex Williamson <alex.williamson@redhat.com>
> wrote:
> >
> > From: Kirti Wankhede <kwankhede@nvidia.com>
> >
> > Whether the VFIO device supports migration or not is decided based on
> > the migration region query. If the migration region query is successful and
> > migration region initialization is successful, then migration is supported;
> > otherwise migration is blocked.
> >
> > Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com>
> > Reviewed-by: Neo Jia <cjia@nvidia.com>
> > Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> > Reviewed-by: Cornelia Huck <cohuck@redhat.com>
> > Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
>
> Hi; Coverity points out (CID 1436126) that this code has a
> use-after-free:
Thanks, I already relayed this to Kirti and expect to see a patch.
Thanks,
Alex
> > +int vfio_migration_probe(VFIODevice *vbasedev, Error **errp)
> > +{
> > + struct vfio_region_info *info = NULL;
> > + Error *local_err = NULL;
> > + int ret;
> > +
> > + ret = vfio_get_dev_region_info(vbasedev, VFIO_REGION_TYPE_MIGRATION,
> > + VFIO_REGION_SUBTYPE_MIGRATION, &info);
> > + if (ret) {
> > + goto add_blocker;
> > + }
> > +
> > + ret = vfio_migration_init(vbasedev, info);
> > + if (ret) {
> > + goto add_blocker;
> > + }
> > +
> > + g_free(info);
> > + trace_vfio_migration_probe(vbasedev->name, info->index);
>
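Review bot: use-after-free at the end of the hunk: `g_free(info);` is immediately followed by `trace_vfio_migration_probe(vbasedev->name, info->index);`, which reads `info->index` from the buffer that was just released. Swap the two statements so the tracepoint runs before the free, or copy `info->index` into a local before calling g_free(). Separately, both `goto add_blocker` paths jump out while `info` may still be allocated (vfio_get_dev_region_info() fills it in before vfio_migration_init() can fail); the label is outside the quoted context, so confirm that it frees `info` on those paths too.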
> We free info, and then access info->index. Switching the
> order of the g_free() and the tracepoint seems the obvious fix.
>
> thanks
> -- PMM
>