From: Peter Maydell <peter.maydell@linaro.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>,
Jens Freimann <jfreimann@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [PULL 10/14] net/virtio: add failover support
Date: Tue, 12 Nov 2019 10:08:55 +0000 [thread overview]
Message-ID: <CAFEAcA_LObSGtSBCd==L-qp4OyH8LgrpAPdBwzOkifk-kx8JSA@mail.gmail.com> (raw)
In-Reply-To: <20191029225932.14585-11-mst@redhat.com>
On Tue, 29 Oct 2019 at 23:01, Michael S. Tsirkin <mst@redhat.com> wrote:
>
> From: Jens Freimann <jfreimann@redhat.com>
>
> This patch adds support to handle failover device pairs of a virtio-net
> device and a (vfio-)pci device, where the virtio-net acts as the standby
> device and the (vfio-)pci device as the primary.
Hi; Coverity reports some dereference-before-NULL-check errors
in this commit:
> +static bool failover_replug_primary(VirtIONet *n, Error **errp)
> +{
> + HotplugHandler *hotplug_ctrl;
> + PCIDevice *pdev = PCI_DEVICE(n->primary_dev);
> +
> + if (!pdev->partially_hotplugged) {
> + return true;
> + }
> + if (!n->primary_device_opts) {
> + n->primary_device_opts = qemu_opts_from_qdict(
> + qemu_find_opts("device"),
> + n->primary_device_dict, errp);
> + }
> + if (n->primary_device_opts) {
> + if (n->primary_dev) {
Here we check whether n->primary_dev is NULL...
> + n->primary_bus = n->primary_dev->parent_bus;
> + }
> + qdev_set_parent_bus(n->primary_dev, n->primary_bus);
...but qdev_set_parent_bus unconditionally dereferences
its first argument, so it can't be NULL...
> + n->primary_should_be_hidden = false;
> + qemu_opt_set_bool(n->primary_device_opts,
> + "partially_hotplugged", true, errp);
> + hotplug_ctrl = qdev_get_hotplug_handler(n->primary_dev);
> + if (hotplug_ctrl) {
> + hotplug_handler_pre_plug(hotplug_ctrl, n->primary_dev, errp);
> + hotplug_handler_plug(hotplug_ctrl, n->primary_dev, errp);
> + }
> + if (!n->primary_dev) {
...and we do another NULL check here.
Either we don't need the NULL checks, or we need to avoid
calling qdev_set_parent_bus(NULL, ...).
(This is CID 1407224.)
> + error_setg(errp, "virtio_net: couldn't find primary device");
> + }
> + }
> + return *errp != NULL;
> +}
> +static int virtio_net_primary_should_be_hidden(DeviceListener *listener,
> + QemuOpts *device_opts)
> +{
> + VirtIONet *n = container_of(listener, VirtIONet, primary_listener);
> + bool match_found;
> + bool hide;
> +
> + n->primary_device_dict = qemu_opts_to_qdict(device_opts,
> + n->primary_device_dict);
Here we pass device_optns to qemu_opts_to_qdict(), which must
take a non-NULL pointer (it always dereferences it)...
> + if (n->primary_device_dict) {
> + g_free(n->standby_id);
> + n->standby_id = g_strdup(qdict_get_try_str(n->primary_device_dict,
> + "failover_pair_id"));
> + }
> + if (device_opts && g_strcmp0(n->standby_id, n->netclient_name) == 0) {
...but here we check whether device_opts is NULL.
Again, either the check or the call must be wrong.
(This is CID 1407222.)
> + match_found = true;
> + } else {
> + match_found = false;
> + hide = false;
> + g_free(n->standby_id);
> + n->primary_device_dict = NULL;
> + goto out;
> + }
thanks
-- PMM
next prev parent reply other threads:[~2019-11-12 10:10 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-29 22:59 [PULL 00/14] virtio: features, cleanups Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 01/14] qdev/qbus: add hidden device support Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 02/14] pci: add option for net failover Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 03/14] pci: mark devices partially unplugged Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 04/14] pci: mark device having guest unplug request pending Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 05/14] qapi: add unplug primary event Michael S. Tsirkin
2020-06-29 16:05 ` Eric Blake
2020-06-29 16:07 ` Eric Blake
2019-10-29 23:00 ` [PULL 06/14] qapi: add failover negotiated event Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 07/14] migration: allow unplug during migration for failover devices Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 08/14] migration: add new migration state wait-unplug Michael S. Tsirkin
2020-06-27 21:49 ` Peter Maydell
2020-06-29 12:09 ` Dr. David Alan Gilbert
2020-06-29 14:00 ` Peter Maydell
2019-10-29 23:00 ` [PULL 09/14] libqos: tolerate wait-unplug migration state Michael S. Tsirkin
2019-10-29 23:01 ` [PULL 10/14] net/virtio: add failover support Michael S. Tsirkin
2019-11-12 10:08 ` Peter Maydell [this message]
2019-10-29 23:01 ` [PULL 11/14] vfio: unplug failover primary device before migration Michael S. Tsirkin
2019-11-12 10:13 ` Peter Maydell
2019-10-29 23:01 ` [PULL 12/14] virtio/vhost: Use auto_rcu_read macros Michael S. Tsirkin
2019-10-29 23:01 ` [PULL 13/14] virtio_net: use RCU_READ_LOCK_GUARD Michael S. Tsirkin
2019-10-29 23:38 ` [PULL 14/14] virtio: Use auto rcu_read macros Michael S. Tsirkin
2019-10-30 11:10 ` [PULL 00/14] virtio: features, cleanups Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFEAcA_LObSGtSBCd==L-qp4OyH8LgrpAPdBwzOkifk-kx8JSA@mail.gmail.com' \
--to=peter.maydell@linaro.org \
--cc=jasowang@redhat.com \
--cc=jfreimann@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.