[v1] VFIO: misc cleanups part2

[PATCH 01/16] vfio/display: Fix error path in call site of ramfb_setup()

Posted by Zhenzhong Duan 1 year, 11 months ago

vfio_display_dmabuf_init() and vfio_display_region_init() calls
ramfb_setup() without checking its return value.

So we may run into a situation that vfio_display_probe() succeed
but errp is set. This is risky and may lead to assert failure in
error_setv().

Cc: Gerd Hoffmann <kraxel@redhat.com>
Fixes: b290659fc3d ("hw/vfio/display: add ramfb support")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 hw/vfio/display.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/vfio/display.c b/hw/vfio/display.c
index 1aa440c663..57c5ae0b2a 100644
--- a/hw/vfio/display.c
+++ b/hw/vfio/display.c
@@ -359,6 +359,9 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, Error **errp)
                                           vdev);
     if (vdev->enable_ramfb) {
         vdev->dpy->ramfb = ramfb_setup(errp);
+        if (!vdev->dpy->ramfb) {
+            return -EINVAL;
+        }
     }
     vfio_display_edid_init(vdev);
     return 0;
@@ -486,6 +489,9 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, Error **errp)
                                           vdev);
     if (vdev->enable_ramfb) {
         vdev->dpy->ramfb = ramfb_setup(errp);
+        if (!vdev->dpy->ramfb) {
+            return -EINVAL;
+        }
     }
     return 0;
 }
-- 
2.34.1

Re: [PATCH 01/16] vfio/display: Fix error path in call site of ramfb_setup()

Posted by Cédric Le Goater 1 year, 10 months ago

On 5/15/24 10:20, Zhenzhong Duan wrote:
> vfio_display_dmabuf_init() and vfio_display_region_init() calls
> ramfb_setup() without checking its return value.
> 
> So we may run into a situation that vfio_display_probe() succeed
> but errp is set. This is risky and may lead to assert failure in
> error_setv().
> 
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Fixes: b290659fc3d ("hw/vfio/display: add ramfb support")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>

Reviewed-by: Cédric Le Goater <clg@redhat.com>

Thanks,

C.


> ---
>   hw/vfio/display.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/hw/vfio/display.c b/hw/vfio/display.c
> index 1aa440c663..57c5ae0b2a 100644
> --- a/hw/vfio/display.c
> +++ b/hw/vfio/display.c
> @@ -359,6 +359,9 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, Error **errp)
>                                             vdev);
>       if (vdev->enable_ramfb) {
>           vdev->dpy->ramfb = ramfb_setup(errp);
> +        if (!vdev->dpy->ramfb) {
> +            return -EINVAL;
> +        }
>       }
>       vfio_display_edid_init(vdev);
>       return 0;
> @@ -486,6 +489,9 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, Error **errp)
>                                             vdev);
>       if (vdev->enable_ramfb) {
>           vdev->dpy->ramfb = ramfb_setup(errp);
> +        if (!vdev->dpy->ramfb) {
> +            return -EINVAL;
> +        }
>       }
>       return 0;
>   }