From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Maxime Coquelin" <maxime.coquelin@redhat.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [Qemu-devel] [PULL 17/21] vhost: ensure vhost_ops are set before calling iotlb callback
Date: Mon, 3 Jul 2017 22:45:45 +0300
Message-ID: <1499111049-13721-18-git-send-email-mst@redhat.com>
In-Reply-To: <1499111049-13721-1-git-send-email-mst@redhat.com>

From: Maxime Coquelin <maxime.coquelin@redhat.com>

This patch fixes a crash that happens when vhost-user iommu
support is enabled and vhost-user socket is closed.

When it happens, if an IOTLB invalidation notification is sent
by the IOMMU, vhost_ops's NULL pointer is dereferenced.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/virtio/vhost-backend.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
index 4e31de1..cb055e8 100644
--- a/hw/virtio/vhost-backend.c
+++ b/hw/virtio/vhost-backend.c
@@ -309,7 +309,10 @@ int vhost_backend_update_device_iotlb(struct vhost_dev *dev,
         return -EINVAL;
     }
 
-    return dev->vhost_ops->vhost_send_device_iotlb_msg(dev, &imsg);
+    if (dev->vhost_ops && dev->vhost_ops->vhost_send_device_iotlb_msg)
+        return dev->vhost_ops->vhost_send_device_iotlb_msg(dev, &imsg);
+
+    return -ENODEV;
 }
 
 int vhost_backend_invalidate_device_iotlb(struct vhost_dev *dev,
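
Review bot: The new `if (dev->vhost_ops && dev->vhost_ops->vhost_send_device_iotlb_msg)` in vhost_backend_update_device_iotlb() has an unbraced body, while the block immediately above it in the same function (the one ending in `return -EINVAL; }`) is braced. Please add braces around the `return` so the guard matches the surrounding style and a later added statement cannot fall outside the check. It would also help to add a one-line comment saying that -ENODEV here means the backend ops are no longer set, since that is a new return value for this function and nothing in the hunk explains it.
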
@@ -321,7 +324,10 @@ int vhost_backend_invalidate_device_iotlb(struct vhost_dev *dev,
     imsg.size = len;
     imsg.type = VHOST_IOTLB_INVALIDATE;
 
-    return dev->vhost_ops->vhost_send_device_iotlb_msg(dev, &imsg);
+    if (dev->vhost_ops && dev->vhost_ops->vhost_send_device_iotlb_msg)
+        return dev->vhost_ops->vhost_send_device_iotlb_msg(dev, &imsg);
+
+    return -ENODEV;
 }
 
 int vhost_backend_handle_iotlb_msg(struct vhost_dev *dev,
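
Review bot: The guard added in vhost_backend_invalidate_device_iotlb() is a verbatim copy of the one added to vhost_backend_update_device_iotlb() in the previous hunk, including the `return -ENODEV;` fallback. Consider moving the check and the call into one small static helper that takes `dev` and `&imsg`, so the two paths cannot drift apart if the condition changes later. Note also that with this change an invalidation is dropped with only an error code when `vhost_ops` is NULL; the hunk does not show whether the caller looks at the return value, so it is worth confirming that -ENODEV is handled or deliberately ignored there.
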
-- 
MST
