[Stable-7.2.11 16/41] hw/nvme: separate 'serial' property for VFs
From: Michael Tokarev
Subject: [Stable-7.2.11 16/41] hw/nvme: separate 'serial' property for VFs
Date: Wed, 10 Apr 2024 08:43:37 +0300

From: Minwoo Im <minwoo.im@samsung.com>
Currently, when a VF is created, it uses the 'params' object of the PF
as it is. In other words, the 'params.serial' string memory area is also
shared. In this situation, if the VF is removed from the system, the
PF's 'params.serial' object is released with object_finalize() followed
by object_property_del_all() which release the memory for 'serial'
property. If that happens, the next VF created will inherit a serial
from a corrupted memory area.
If this happens, an error will occur when comparing subsys->serial and
n->params.serial in the nvme_subsys_register_ctrl() function.
Cc: qemu-stable@nongnu.org
Fixes: 44c2c09488db ("hw/nvme: Add support for SR-IOV")
Signed-off-by: Minwoo Im <minwoo.im@samsung.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 4f0a4a3d5854824e5c5eccf353d4a1f4f749a29d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index f2b308f5fa..c2c0fc991d 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -7515,9 +7515,15 @@ static void nvme_realize(PCIDevice *pci_dev, Error
**errp)
if (pci_is_vf(pci_dev)) {
/*
* VFs derive settings from the parent. PF's lifespan exceeds
- * that of VF's, so it's safe to share params.serial.
+ * that of VF's.
*/
memcpy(&n->params, &pn->params, sizeof(NvmeParams));
+
+ /*
+ * Set PF's serial value to a new string memory to prevent 'serial'
+ * property object release of PF when a VF is removed from the system.
+ */
+ n->params.serial = g_strdup(pn->params.serial);
n->subsys = pn->subsys;
}
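Review bot: The memcpy(&n->params, &pn->params, sizeof(NvmeParams)) kept just above the new g_strdup() line still shallow-copies every other member of NvmeParams, so if the struct holds any other pointer-valued member that is released when a VF is finalized, it has the same shared-ownership problem that 'serial' had. Please confirm that 'serial' is the only such member, or say so in the comment. The new comment also reads "Set PF's serial value to a new string memory", but the assignment is to n->params.serial, which is the VF's copy, so it should say that the VF gets its own duplicate of the PF's serial. With "so it's safe to share params.serial" dropped, the remaining sentence "PF's lifespan exceeds that of VF's." no longer leads to any conclusion; it could instead state what is still shared with the parent (n->subsys = pn->subsys).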
--
2.39.2