* [PULL 0/2] vfio queue
@ 2023-05-24  8:47 Cédric Le Goater
From: Cédric Le Goater @ 2023-05-24  8:47 UTC (permalink / raw)
  To: qemu-devel; +Cc: Richard Henderson, Alex Williamson, Cédric Le Goater

The following changes since commit aa33508196f4e2da04625bee36e1f7be5b9267e7:

  Merge tag 'mem-2023-05-23' of https://github.com/davidhildenbrand/qemu into staging (2023-05-23 10:57:25 -0700)

are available in the Git repository at:

  https://github.com/legoater/qemu/ tags/pull-vfio-20230524

for you to fetch changes up to dbdea0dbfe2cef9ef6c752e9077e4fc98724194c:

  util/vfio-helpers: Use g_file_read_link() (2023-05-24 09:21:22 +0200)

----------------------------------------------------------------
vfio queue:

* Fix for a memory corruption due to an extra free
* Fix for a compile breakage

----------------------------------------------------------------
Akihiko Odaki (1):
      util/vfio-helpers: Use g_file_read_link()

Zhenzhong Duan (1):
      vfio/pci: Fix a use-after-free issue

 hw/vfio/pci.c       | 2 +-
 util/vfio-helpers.c | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)


* [PULL 1/2] vfio/pci: Fix a use-after-free issue
From: Cédric Le Goater @ 2023-05-24  8:47 UTC (permalink / raw)
  To: qemu-devel
  Cc: Richard Henderson, Alex Williamson, Zhenzhong Duan,
	Cédric Le Goater, Matthew Rosato,
	Philippe Mathieu-Daudé

From: Zhenzhong Duan <zhenzhong.duan@intel.com>

vbasedev->name is freed wrongly, which leads to a garbage VFIO trace log.
Fix it by allocating a dup of vbasedev->name and then freeing the dup.

Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token")
Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/vfio/pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index bf27a3990564..73874a94de12 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -2994,7 +2994,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
         qemu_uuid_unparse(&vdev->vf_token, uuid);
         name = g_strdup_printf("%s vf_token=%s", vbasedev->name, uuid);
     } else {
-        name = vbasedev->name;
+        name = g_strdup(vbasedev->name);
     }
 
     ret = vfio_get_device(group, name, vbasedev, errp);
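Review bot: the free that this hunk makes safe is outside the visible context, so a reader of the diff cannot see the ownership the `name = g_strdup(vbasedev->name);` line now establishes; consider declaring the variable as `g_autofree char *name = NULL;` so allocation and release are visible in one place, or name the free site after `vfio_get_device()` in the commit message. With both branches heap-allocating, an unconditional release of `name` is correct and `vbasedev->name` stays valid for the trace log that the commit message mentions.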
-- 
2.40.1
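The ownership rule behind this fix, as an added example in plain C rather than QEMU's code: the pre-fix builder returns the device's own pointer in the no-token branch, so an unconditional release by the caller would free the device's name as well; the post-fix builder returns an owned copy from every branch. The struct, function names, libc `strdup`/`malloc` in place of `g_strdup`/`g_free`, and the sample PCI address are all assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for QEMU's VFIODevice: "name" is owned by the device and is still
 * used afterwards (the trace log prints it), so it must never be freed here. */
struct vfio_device { char *name; };

/* Constructed sample device; the PCI address is made up, not from the page. */
static const struct vfio_device sample_dev = { "0000:01:00.0" };

/* VF-token branch, as in vfio_realize(): "<name> vf_token=<uuid>" on the heap. */
static char *format_token_name(const char *base, const char *token)
{
    size_t n = strlen(base) + strlen(" vf_token=") + strlen(token) + 1;
    char *name = malloc(n);
    if (name) snprintf(name, n, "%s vf_token=%s", base, token);
    return name;
}

/* Pre-fix shape: the no-token branch hands back the device's own pointer, so
 * the caller's unconditional free of "name" also frees dev->name. */
static char *build_name_before(const struct vfio_device *dev, const char *token)
{
    return token ? format_token_name(dev->name, token) : dev->name;
}

/* Post-fix shape: every branch yields a fresh heap copy that the caller owns. */
static char *build_name_after(const struct vfio_device *dev, const char *token)
{
    return token ? format_token_name(dev->name, token) : strdup(dev->name);
}

typedef char *(*name_builder)(const struct vfio_device *, const char *);

/* True when the builder's result shares storage with dev->name, i.e. when an
 * unconditional free of the result would leave dev->name dangling. Only frees
 * the result when it is really ours, so the check itself never faults. */
static bool result_aliases_device(name_builder build,
                                  const struct vfio_device *dev, const char *token)
{
    char *name = build(dev, token);
    bool aliased = (name == dev->name);
    if (!aliased) free(name);
    return aliased;
}
```

Run under AddressSanitizer, freeing the result of `build_name_before(&sample_dev, NULL)` is exactly the double-free the trace log exposed; the pointer comparison above detects the same condition without executing it.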


* [PULL 2/2] util/vfio-helpers: Use g_file_read_link()
From: Cédric Le Goater @ 2023-05-24  8:47 UTC (permalink / raw)
  To: qemu-devel
  Cc: Richard Henderson, Alex Williamson, Akihiko Odaki,
	Philippe Mathieu-Daudé,
	Cédric Le Goater

From: Akihiko Odaki <akihiko.odaki@daynix.com>

When _FORTIFY_SOURCE=2, glibc version is 2.35, and GCC version is
12.1.0, the compiler complains as follows:

In file included from /usr/include/features.h:490,
                 from /usr/include/bits/libc-header-start.h:33,
                 from /usr/include/stdint.h:26,
                 from /usr/lib/gcc/aarch64-unknown-linux-gnu/12.1.0/include/stdint.h:9,
                 from /home/alarm/q/var/qemu/include/qemu/osdep.h:94,
                 from ../util/vfio-helpers.c:13:
In function 'readlink',
    inlined from 'sysfs_find_group_file' at ../util/vfio-helpers.c:116:9,
    inlined from 'qemu_vfio_init_pci' at ../util/vfio-helpers.c:326:18,
    inlined from 'qemu_vfio_open_pci' at ../util/vfio-helpers.c:517:9:
/usr/include/bits/unistd.h:119:10: error: argument 2 is null but the corresponding size argument 3 value is 4095 [-Werror=nonnull]
  119 |   return __glibc_fortify (readlink, __len, sizeof (char),
      |          ^~~~~~~~~~~~~~~

This error implies the allocated buffer can be NULL. Use
g_file_read_link(), which allocates the buffer automatically, to avoid the
error.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 util/vfio-helpers.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/util/vfio-helpers.c b/util/vfio-helpers.c
index 2d8af38f886a..f8bab46c68fa 100644
--- a/util/vfio-helpers.c
+++ b/util/vfio-helpers.c
@@ -106,15 +106,17 @@ struct QEMUVFIOState {
  */
 static char *sysfs_find_group_file(const char *device, Error **errp)
 {
+    g_autoptr(GError) gerr = NULL;
     char *sysfs_link;
     char *sysfs_group;
     char *p;
     char *path = NULL;
 
     sysfs_link = g_strdup_printf("/sys/bus/pci/devices/%s/iommu_group", device);
-    sysfs_group = g_malloc0(PATH_MAX);
-    if (readlink(sysfs_link, sysfs_group, PATH_MAX - 1) == -1) {
-        error_setg_errno(errp, errno, "Failed to find iommu group sysfs path");
+    sysfs_group = g_file_read_link(sysfs_link, &gerr);
+    if (gerr) {
+        error_setg(errp, "Failed to find iommu group sysfs path: %s",
+                   gerr->message);
         goto out;
     }
     p = strrchr(sysfs_group, '/');
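Review bot: on the `gerr` path `sysfs_group` is now NULL, because `g_file_read_link()` returns NULL on failure, whereas the old code always had a zeroed PATH_MAX buffer there; the cleanup under `out:` is outside the hunk, so please confirm it only `g_free()`s `sysfs_group` and never inspects it. The change also removes a latent truncation bug worth a sentence in the commit message: `readlink(sysfs_link, sysfs_group, PATH_MAX - 1)` neither NUL-terminates nor reports a target that did not fit, and the old code relied on `g_malloc0` for the terminator.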
-- 
2.40.1
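What `g_file_read_link()` does for the caller, reimplemented in plain libc as an added example (not QEMU's or GLib's code): allocate, retry on a full buffer, NUL-terminate, then take the last path component the way `sysfs_find_group_file()` does. The function names `read_link_alloc`, `iommu_group_from_link` and `check_group` are hypothetical, and the fixture symlink under /tmp is constructed so the parser can be exercised without sysfs.

```c
#define _POSIX_C_SOURCE 200809L   /* readlink, symlink, mkdtemp, strdup */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read a symlink target into a freshly allocated, NUL-terminated string.
 * readlink() neither terminates the result nor signals truncation, so grow the
 * buffer until the target fits with a byte to spare. NULL + errno on failure. */
static char *read_link_alloc(const char *path)
{
    for (size_t cap = 64; cap <= 1024 * 1024; cap *= 2) {
        char *buf = malloc(cap);
        if (!buf) return NULL;
        ssize_t n = readlink(path, buf, cap);
        if (n < 0) { int e = errno; free(buf); errno = e; return NULL; }
        if ((size_t)n < cap) { buf[n] = '\0'; return buf; }
        free(buf);                 /* filled the whole buffer: may be truncated */
    }
    errno = ENAMETOOLONG;
    return NULL;
}

/* Same extraction as sysfs_find_group_file(): the group is the last component
 * of the iommu_group link target, e.g. ".../iommu_groups/26" -> "26". */
static char *iommu_group_from_link(const char *link_path)
{
    char *target = read_link_alloc(link_path);
    if (!target) return NULL;
    char *slash = strrchr(target, '/');
    char *group = strdup(slash ? slash + 1 : target);
    free(target);
    return group;
}

/* Constructed fixture: a temp dir holding an "iommu_group" symlink to target.
 * Returns 1 if the parsed group equals expect, 0 otherwise; removes the fixture. */
static int check_group(const char *target, const char *expect)
{
    char dir[] = "/tmp/vfio-link-XXXXXX", link[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(link, sizeof link, "%s/iommu_group", dir);
    int ok = symlink(target, link) == 0;
    char *group = ok ? iommu_group_from_link(link) : NULL;
    ok = group && strcmp(group, expect) == 0;
    free(group); unlink(link); rmdir(dir);
    return ok;
}
```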


* Re: [PULL 0/2] vfio queue
From: Richard Henderson @ 2023-05-25  0:46 UTC (permalink / raw)
  To: Cédric Le Goater, qemu-devel; +Cc: Alex Williamson

On 5/24/23 01:47, Cédric Le Goater wrote:
> The following changes since commit aa33508196f4e2da04625bee36e1f7be5b9267e7:
> 
>    Merge tag 'mem-2023-05-23' of https://github.com/davidhildenbrand/qemu into staging (2023-05-23 10:57:25 -0700)
> 
> are available in the Git repository at:
> 
>    https://github.com/legoater/qemu/ tags/pull-vfio-20230524
> 
> for you to fetch changes up to dbdea0dbfe2cef9ef6c752e9077e4fc98724194c:
> 
>    util/vfio-helpers: Use g_file_read_link() (2023-05-24 09:21:22 +0200)
> 
> ----------------------------------------------------------------
> vfio queue:
> 
> * Fix for a memory corruption due to an extra free
> * Fix for a compile breakage

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/8.1 as appropriate.


r~