From: Peter Maydell <peter.maydell@linaro.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>,
Jens Freimann <jfreimann@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [PULL 10/14] net/virtio: add failover support
Date: Tue, 12 Nov 2019 10:08:55 +0000 [thread overview]
Message-ID: <CAFEAcA_LObSGtSBCd==L-qp4OyH8LgrpAPdBwzOkifk-kx8JSA@mail.gmail.com> (raw)
In-Reply-To: <20191029225932.14585-11-mst@redhat.com>
On Tue, 29 Oct 2019 at 23:01, Michael S. Tsirkin <mst@redhat.com> wrote:
>
> From: Jens Freimann <jfreimann@redhat.com>
>
> This patch adds support to handle failover device pairs of a virtio-net
> device and a (vfio-)pci device, where the virtio-net acts as the standby
> device and the (vfio-)pci device as the primary.
Hi; Coverity reports some dereference-before-NULL-check errors
in this commit:
> +static bool failover_replug_primary(VirtIONet *n, Error **errp)
> +{
> + HotplugHandler *hotplug_ctrl;
> + PCIDevice *pdev = PCI_DEVICE(n->primary_dev);
> +
> + if (!pdev->partially_hotplugged) {
> + return true;
> + }
> + if (!n->primary_device_opts) {
> + n->primary_device_opts = qemu_opts_from_qdict(
> + qemu_find_opts("device"),
> + n->primary_device_dict, errp);
> + }
> + if (n->primary_device_opts) {
> + if (n->primary_dev) {
Here we check whether n->primary_dev is NULL...
> + n->primary_bus = n->primary_dev->parent_bus;
> + }
> + qdev_set_parent_bus(n->primary_dev, n->primary_bus);
...but qdev_set_parent_bus unconditionally dereferences
its first argument, so it can't be NULL...
> + n->primary_should_be_hidden = false;
> + qemu_opt_set_bool(n->primary_device_opts,
> + "partially_hotplugged", true, errp);
> + hotplug_ctrl = qdev_get_hotplug_handler(n->primary_dev);
> + if (hotplug_ctrl) {
> + hotplug_handler_pre_plug(hotplug_ctrl, n->primary_dev, errp);
> + hotplug_handler_plug(hotplug_ctrl, n->primary_dev, errp);
> + }
> + if (!n->primary_dev) {
...and we do another NULL check here.
Either we don't need the NULL checks, or we need to avoid
calling qdev_set_parent_bus(NULL, ...).
(This is CID 1407224.)
> + error_setg(errp, "virtio_net: couldn't find primary device");
> + }
> + }
> + return *errp != NULL;
> +}
> +static int virtio_net_primary_should_be_hidden(DeviceListener *listener,
> + QemuOpts *device_opts)
> +{
> + VirtIONet *n = container_of(listener, VirtIONet, primary_listener);
> + bool match_found;
> + bool hide;
> +
> + n->primary_device_dict = qemu_opts_to_qdict(device_opts,
> + n->primary_device_dict);
Here we pass device_optns to qemu_opts_to_qdict(), which must
take a non-NULL pointer (it always dereferences it)...
> + if (n->primary_device_dict) {
> + g_free(n->standby_id);
> + n->standby_id = g_strdup(qdict_get_try_str(n->primary_device_dict,
> + "failover_pair_id"));
> + }
> + if (device_opts && g_strcmp0(n->standby_id, n->netclient_name) == 0) {
...but here we check whether device_opts is NULL.
Again, either the check or the call must be wrong.
(This is CID 1407222.)
> + match_found = true;
> + } else {
> + match_found = false;
> + hide = false;
> + g_free(n->standby_id);
> + n->primary_device_dict = NULL;
> + goto out;
> + }
thanks
-- PMM
next prev parent reply other threads:[~2019-11-12 10:10 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-29 22:59 [PULL 00/14] virtio: features, cleanups Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 01/14] qdev/qbus: add hidden device support Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 02/14] pci: add option for net failover Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 03/14] pci: mark devices partially unplugged Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 04/14] pci: mark device having guest unplug request pending Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 05/14] qapi: add unplug primary event Michael S. Tsirkin
2020-06-29 16:05 ` Eric Blake
2020-06-29 16:07 ` Eric Blake
2019-10-29 23:00 ` [PULL 06/14] qapi: add failover negotiated event Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 07/14] migration: allow unplug during migration for failover devices Michael S. Tsirkin
2019-10-29 23:00 ` [PULL 08/14] migration: add new migration state wait-unplug Michael S. Tsirkin
2020-06-27 21:49 ` Peter Maydell
2020-06-29 12:09 ` Dr. David Alan Gilbert
2020-06-29 14:00 ` Peter Maydell
2019-10-29 23:00 ` [PULL 09/14] libqos: tolerate wait-unplug migration state Michael S. Tsirkin
2019-10-29 23:01 ` [PULL 10/14] net/virtio: add failover support Michael S. Tsirkin
2019-11-12 10:08 ` Peter Maydell [this message]
2019-10-29 23:01 ` [PULL 11/14] vfio: unplug failover primary device before migration Michael S. Tsirkin
2019-11-12 10:13 ` Peter Maydell
2019-10-29 23:01 ` [PULL 12/14] virtio/vhost: Use auto_rcu_read macros Michael S. Tsirkin
2019-10-29 23:01 ` [PULL 13/14] virtio_net: use RCU_READ_LOCK_GUARD Michael S. Tsirkin
2019-10-29 23:38 ` [PULL 14/14] virtio: Use auto rcu_read macros Michael S. Tsirkin
2019-10-30 11:10 ` [PULL 00/14] virtio: features, cleanups Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFEAcA_LObSGtSBCd==L-qp4OyH8LgrpAPdBwzOkifk-kx8JSA@mail.gmail.com' \
--to=peter.maydell@linaro.org \
--cc=jasowang@redhat.com \
--cc=jfreimann@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).