qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [PULL 0/3] Error reporting patches for 2020-04-04
@ 2020-04-04 12:24 Markus Armbruster
  2020-04-04 12:24 ` [PULL 1/3] scripts/coccinelle: add error-use-after-free.cocci Markus Armbruster
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Markus Armbruster @ 2020-04-04 12:24 UTC (permalink / raw)
  To: qemu-devel

The following changes since commit 146aa0f104bb3bf88e43c4082a0bfc4bbda4fbd8:

  Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2020-04-03 15:30:11 +0100)

are available in the Git repository at:

  git://repo.or.cz/qemu/armbru.git tags/pull-error-2020-04-04

for you to fetch changes up to 6a4a38530e70f3917a58d71d4d08e28bd8146015:

  qga/commands-posix: fix use after free of local_err (2020-04-04 14:15:24 +0200)

----------------------------------------------------------------
Error reporting patches for 2020-04-04

----------------------------------------------------------------
Vladimir Sementsov-Ogievskiy (3):
      scripts/coccinelle: add error-use-after-free.cocci
      dump/win_dump: fix use after free of err
      qga/commands-posix: fix use after free of local_err

 scripts/coccinelle/error-use-after-free.cocci | 52 +++++++++++++++++++++++++++
 dump/win_dump.c                               |  4 +--
 qga/commands-posix.c                          |  3 ++
 MAINTAINERS                                   |  5 +++
 4 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 scripts/coccinelle/error-use-after-free.cocci

-- 
2.21.1



^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PULL 1/3] scripts/coccinelle: add error-use-after-free.cocci
  2020-04-04 12:24 [PULL 0/3] Error reporting patches for 2020-04-04 Markus Armbruster
@ 2020-04-04 12:24 ` Markus Armbruster
  2020-04-04 12:24 ` [PULL 2/3] dump/win_dump: fix use after free of err Markus Armbruster
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Markus Armbruster @ 2020-04-04 12:24 UTC (permalink / raw)
  To: qemu-devel; +Cc: Vladimir Sementsov-Ogievskiy, Richard Henderson

From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Add script to find and fix trivial use-after-free of Error objects.
How to use:
spatch --sp-file scripts/coccinelle/error-use-after-free.cocci \
 --macro-file scripts/cocci-macro-file.h --in-place \
 --no-show-diff ( FILES... | --use-gitgrep . )

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200324153630.11882-2-vsementsov@virtuozzo.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Pastos in commit message and comment fixed, globbing in MAINTAINERS
expanded]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 scripts/coccinelle/error-use-after-free.cocci | 52 +++++++++++++++++++
 MAINTAINERS                                   |  5 ++
 2 files changed, 57 insertions(+)
 create mode 100644 scripts/coccinelle/error-use-after-free.cocci

diff --git a/scripts/coccinelle/error-use-after-free.cocci b/scripts/coccinelle/error-use-after-free.cocci
new file mode 100644
index 0000000000..72ae9fdebf
--- /dev/null
+++ b/scripts/coccinelle/error-use-after-free.cocci
@@ -0,0 +1,52 @@
+// Find and fix trivial use-after-free of Error objects
+//
+// Copyright (c) 2020 Virtuozzo International GmbH.
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 2 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see
+// <http://www.gnu.org/licenses/>.
+//
+// How to use:
+// spatch --sp-file scripts/coccinelle/error-use-after-free.cocci \
+//  --macro-file scripts/cocci-macro-file.h --in-place \
+//  --no-show-diff ( FILES... | --use-gitgrep . )
+
+@ exists@
+identifier fn, fn2;
+expression err;
+@@
+
+ fn(...)
+ {
+     <...
+(
+     error_free(err);
++    err = NULL;
+|
+     error_report_err(err);
++    err = NULL;
+|
+     error_reportf_err(err, ...);
++    err = NULL;
+|
+     warn_report_err(err);
++    err = NULL;
+|
+     warn_reportf_err(err, ...);
++    err = NULL;
+)
+     ... when != err = NULL
+         when != exit(...)
+     fn2(..., err, ...)
+     ...>
+ }
diff --git a/MAINTAINERS b/MAINTAINERS
index 7cb53ec138..9d156d73b3 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2053,6 +2053,11 @@ F: include/qemu/error-report.h
 F: qapi/error.json
 F: util/error.c
 F: util/qemu-error.c
+F: scripts/coccinelle/err-bad-newline.cocci
+F: scripts/coccinelle/error-use-after-free.cocci
+F: scripts/coccinelle/error_propagate_null.cocci
+F: scripts/coccinelle/remove_local_err.cocci
+F: scripts/coccinelle/use-error_fatal.cocci
 
 GDB stub
 M: Alex Bennée <alex.bennee@linaro.org>
-- 
2.21.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PULL 2/3] dump/win_dump: fix use after free of err
  2020-04-04 12:24 [PULL 0/3] Error reporting patches for 2020-04-04 Markus Armbruster
  2020-04-04 12:24 ` [PULL 1/3] scripts/coccinelle: add error-use-after-free.cocci Markus Armbruster
@ 2020-04-04 12:24 ` Markus Armbruster
  2020-04-04 12:24 ` [PULL 3/3] qga/commands-posix: fix use after free of local_err Markus Armbruster
  2020-04-06 11:36 ` [PULL 0/3] Error reporting patches for 2020-04-04 Peter Maydell
  3 siblings, 0 replies; 5+ messages in thread
From: Markus Armbruster @ 2020-04-04 12:24 UTC (permalink / raw)
  To: qemu-devel; +Cc: Vladimir Sementsov-Ogievskiy, Richard Henderson

From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

It's possible that we'll try to set err twice (or more). It's bad, it
will crash.

Instead, use warn_report().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200324153630.11882-4-vsementsov@virtuozzo.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 dump/win_dump.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/dump/win_dump.c b/dump/win_dump.c
index eda2a48974..652c7bad99 100644
--- a/dump/win_dump.c
+++ b/dump/win_dump.c
@@ -304,13 +304,11 @@ static void restore_context(WinDumpHeader64 *h,
                             struct saved_context *saved_ctx)
 {
     int i;
-    Error *err = NULL;
 
     for (i = 0; i < h->NumberProcessors; i++) {
         if (cpu_memory_rw_debug(first_cpu, saved_ctx[i].addr,
                 (uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 1)) {
-            error_setg(&err, "win-dump: failed to restore CPU #%d context", i);
-            warn_report_err(err);
+            warn_report("win-dump: failed to restore CPU #%d context", i);
         }
     }
 }
-- 
2.21.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PULL 3/3] qga/commands-posix: fix use after free of local_err
  2020-04-04 12:24 [PULL 0/3] Error reporting patches for 2020-04-04 Markus Armbruster
  2020-04-04 12:24 ` [PULL 1/3] scripts/coccinelle: add error-use-after-free.cocci Markus Armbruster
  2020-04-04 12:24 ` [PULL 2/3] dump/win_dump: fix use after free of err Markus Armbruster
@ 2020-04-04 12:24 ` Markus Armbruster
  2020-04-06 11:36 ` [PULL 0/3] Error reporting patches for 2020-04-04 Peter Maydell
  3 siblings, 0 replies; 5+ messages in thread
From: Markus Armbruster @ 2020-04-04 12:24 UTC (permalink / raw)
  To: qemu-devel; +Cc: Vladimir Sementsov-Ogievskiy, Richard Henderson

From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

local_err is used several times in guest_suspend(). Setting non-NULL
local_err will crash, so let's zero it after freeing. Also fix possible
leak of local_err in final if().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200324153630.11882-7-vsementsov@virtuozzo.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 qga/commands-posix.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 93474ff770..cc69b82704 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1773,6 +1773,7 @@ static void guest_suspend(SuspendMode mode, Error **errp)
     }
 
     error_free(local_err);
+    local_err = NULL;
 
     if (pmutils_supports_mode(mode, &local_err)) {
         mode_supported = true;
@@ -1784,6 +1785,7 @@ static void guest_suspend(SuspendMode mode, Error **errp)
     }
 
     error_free(local_err);
+    local_err = NULL;
 
     if (linux_sys_state_supports_mode(mode, &local_err)) {
         mode_supported = true;
@@ -1791,6 +1793,7 @@ static void guest_suspend(SuspendMode mode, Error **errp)
     }
 
     if (!mode_supported) {
+        error_free(local_err);
         error_setg(errp,
                    "the requested suspend mode is not supported by the guest");
     } else {
-- 
2.21.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PULL 0/3] Error reporting patches for 2020-04-04
  2020-04-04 12:24 [PULL 0/3] Error reporting patches for 2020-04-04 Markus Armbruster
                   ` (2 preceding siblings ...)
  2020-04-04 12:24 ` [PULL 3/3] qga/commands-posix: fix use after free of local_err Markus Armbruster
@ 2020-04-06 11:36 ` Peter Maydell
  3 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2020-04-06 11:36 UTC (permalink / raw)
  To: Markus Armbruster; +Cc: QEMU Developers

On Sat, 4 Apr 2020 at 13:25, Markus Armbruster <armbru@redhat.com> wrote:
>
> The following changes since commit 146aa0f104bb3bf88e43c4082a0bfc4bbda4fbd8:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2020-04-03 15:30:11 +0100)
>
> are available in the Git repository at:
>
>   git://repo.or.cz/qemu/armbru.git tags/pull-error-2020-04-04
>
> for you to fetch changes up to 6a4a38530e70f3917a58d71d4d08e28bd8146015:
>
>   qga/commands-posix: fix use after free of local_err (2020-04-04 14:15:24 +0200)
>
> ----------------------------------------------------------------
> Error reporting patches for 2020-04-04
>
> ----------------------------------------------------------------
> Vladimir Sementsov-Ogievskiy (3):
>       scripts/coccinelle: add error-use-after-free.cocci
>       dump/win_dump: fix use after free of err
>       qga/commands-posix: fix use after free of local_err


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-04-06 11:37 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-04 12:24 [PULL 0/3] Error reporting patches for 2020-04-04 Markus Armbruster
2020-04-04 12:24 ` [PULL 1/3] scripts/coccinelle: add error-use-after-free.cocci Markus Armbruster
2020-04-04 12:24 ` [PULL 2/3] dump/win_dump: fix use after free of err Markus Armbruster
2020-04-04 12:24 ` [PULL 3/3] qga/commands-posix: fix use after free of local_err Markus Armbruster
2020-04-06 11:36 ` [PULL 0/3] Error reporting patches for 2020-04-04 Peter Maydell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).