Re: [PULL v3 04/32] vfio: Add migration region initialization and finali

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL v3 04/32] vfio: Add migration region initialization and finali

From:	Peter Maydell
Subject:	Re: [PULL v3 04/32] vfio: Add migration region initialization and finalize function
Date:	Thu, 5 Nov 2020 23:55:32 +0000

On Sun, 1 Nov 2020 at 21:02, Alex Williamson <alex.williamson@redhat.com> wrote:
>
> From: Kirti Wankhede <kwankhede@nvidia.com>
>
> Whether the VFIO device supports migration or not is decided based of
> migration region query. If migration region query is successful and migration
> region initialization is successful then migration is supported else
> migration is blocked.
>
> Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com>
> Reviewed-by: Neo Jia <cjia@nvidia.com>
> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

Hi; Coverity points out (CID 1436126) that this code has a
use-after-free:


> +int vfio_migration_probe(VFIODevice *vbasedev, Error **errp)
> +{
> +    struct vfio_region_info *info = NULL;
> +    Error *local_err = NULL;
> +    int ret;
> +
> +    ret = vfio_get_dev_region_info(vbasedev, VFIO_REGION_TYPE_MIGRATION,
> +                                   VFIO_REGION_SUBTYPE_MIGRATION, &info);
> +    if (ret) {
> +        goto add_blocker;
> +    }
> +
> +    ret = vfio_migration_init(vbasedev, info);
> +    if (ret) {
> +        goto add_blocker;
> +    }
> +
> +    g_free(info);
> +    trace_vfio_migration_probe(vbasedev->name, info->index);

We free info, and then access info->index. Switching the
order of the g_free() and the tracepoint seems the obvious fix.

thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL v3 00/32] VFIO updates 2020-11-01 (for QEMU 5.2 soft-freeze), Alex Williamson, 2020/11/01
- [PULL v3 01/32] vfio: Add function to unmap VFIO region, Alex Williamson, 2020/11/01
- [PULL v3 02/32] vfio: Add vfio_get_object callback to VFIODeviceOps, Alex Williamson, 2020/11/01
- [PULL v3 03/32] vfio: Add save and load functions for VFIO PCI devices, Alex Williamson, 2020/11/01
- [PULL v3 04/32] vfio: Add migration region initialization and finalize function, Alex Williamson, 2020/11/01
  - Re: [PULL v3 04/32] vfio: Add migration region initialization and finalize function, Peter Maydell <=
    - Re: [PULL v3 04/32] vfio: Add migration region initialization and finalize function, Alex Williamson, 2020/11/05
- [PULL v3 05/32] vfio: Add VM state change handler to know state of VM, Alex Williamson, 2020/11/01
- [PULL v3 06/32] vfio: Add migration state change notifier, Alex Williamson, 2020/11/01
- [PULL v3 07/32] vfio: Register SaveVMHandlers for VFIO device, Alex Williamson, 2020/11/01
- [PULL v3 08/32] vfio: Add save state functions to SaveVMHandlers, Alex Williamson, 2020/11/01
- [PULL v3 09/32] vfio: Add load state functions to SaveVMHandlers, Alex Williamson, 2020/11/01
- [PULL v3 10/32] memory: Set DIRTY_MEMORY_MIGRATION when IOMMU is enabled, Alex Williamson, 2020/11/01
- [PULL v3 11/32] vfio: Get migration capability flags for container, Alex Williamson, 2020/11/01
- [PULL v3 12/32] vfio: Add function to start and stop dirty pages tracking, Alex Williamson, 2020/11/01
- [PULL v3 13/32] vfio: Add vfio_listener_log_sync to mark dirty pages, Alex Williamson, 2020/11/01

Prev by Date: Re: [PULL v3 06/12] qga: add implementation of guest-get-disks for Linux
Next by Date: Re: [PULL v3 04/32] vfio: Add migration region initialization and finalize function
Previous by thread: [PULL v3 04/32] vfio: Add migration region initialization and finalize function
Next by thread: Re: [PULL v3 04/32] vfio: Add migration region initialization and finalize function
Index(es):
- Date
- Thread