[PULL 1/7] i386: assert 'cs->kvm_state' is not null
From: Paolo Bonzini
Subject: [PULL 1/7] i386: assert 'cs->kvm_state' is not null
Date: Thu, 29 Jul 2021 14:47:07 +0200
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Coverity reports potential NULL pointer dereference in
get_supported_hv_cpuid_legacy() when 'cs->kvm_state' is NULL. While
'cs->kvm_state' can indeed be NULL in hv_cpuid_get_host(),
kvm_hyperv_expand_features() makes sure that it only happens when
KVM_CAP_SYS_HYPERV_CPUID is supported and KVM_CAP_SYS_HYPERV_CPUID
implies KVM_CAP_HYPERV_CPUID so get_supported_hv_cpuid_legacy() is
never really called. Add asserts to strengthen the protection against
broken KVM behavior.
Coverity: CID 1458243
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210716115852.418293-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/kvm/kvm.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 59ed8327ac..e69abe48e3 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -974,6 +974,12 @@ static struct kvm_cpuid2 *get_supported_hv_cpuid(CPUState
*cs)
do_sys_ioctl =
kvm_check_extension(kvm_state, KVM_CAP_SYS_HYPERV_CPUID) > 0;
+ /*
+ * Non-empty KVM context is needed when KVM_CAP_SYS_HYPERV_CPUID is
+ * unsupported, kvm_hyperv_expand_features() checks for that.
+ */
+ assert(do_sys_ioctl || cs->kvm_state);
+
/*
* When the buffer is too small, KVM_GET_SUPPORTED_HV_CPUID fails with
* -E2BIG, however, it doesn't report back the right size. Keep increasing
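Review bot: the new comment above `assert(do_sys_ioctl || cs->kvm_state);` is two sentences spliced with a comma, and "Non-empty" is imprecise for a pointer; suggest wording it as "cs->kvm_state must be non-NULL when KVM_CAP_SYS_HYPERV_CPUID is unsupported; kvm_hyperv_expand_features() guarantees this." Note also that the capability probe on the preceding line, `kvm_check_extension(kvm_state, KVM_CAP_SYS_HYPERV_CPUID)`, uses the global `kvm_state`, so the invariant being asserted is really that the per-CPU pointer is only required on the legacy path; stating that explicitly would make the relationship between the two checks clearer to the next reader.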
@@ -1105,6 +1111,14 @@ static uint32_t hv_cpuid_get_host(CPUState *cs, uint32_t
func, int reg)
if (kvm_check_extension(kvm_state, KVM_CAP_HYPERV_CPUID) > 0) {
cpuid = get_supported_hv_cpuid(cs);
} else {
+ /*
+ * 'cs->kvm_state' may be NULL when Hyper-V features are expanded
+ * before KVM context is created but this is only done when
+ * KVM_CAP_SYS_HYPERV_CPUID is supported and it implies
+ * KVM_CAP_HYPERV_CPUID.
+ */
+ assert(cs->kvm_state);
+
cpuid = get_supported_hv_cpuid_legacy(cs);
}
hv_cpuid_cache = cpuid;
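Review bot: the assert is placed only in the else branch, so it guards `get_supported_hv_cpuid_legacy(cs)` while the `cpuid = get_supported_hv_cpuid(cs);` path relies on the assert added in the first hunk; that split is correct, but a short pointer in this comment would stop the two checks from reading as redundant. The sentence "it implies KVM_CAP_HYPERV_CPUID" also describes a KVM-side contract rather than anything this file verifies; the commit message attributes the enforcement to kvm_hyperv_expand_features(), so naming that function here, as the first hunk's comment does, would keep both comments consistent.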
--
2.31.1