* [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes
@ 2020-11-04 10:22 Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
` (3 more replies)
0 siblings, 4 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
Fix three issues reported by coverity (CIDs 1436128, 1436129 and
1436131).
Klaus Jensen (3):
hw/block/nvme: fix null ns in register namespace
hw/block/nvme: fix uint16_t use of uint32_t sgls member
hw/block/nvme: fix free of array-typed value
hw/block/nvme.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--
2.29.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
@ 2020-11-04 10:22 ` Klaus Jensen
2020-11-04 10:57 ` Max Reitz
2020-11-04 11:08 ` Philippe Mathieu-Daudé
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
` (2 subsequent siblings)
3 siblings, 2 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
Fix dereference after NULL check.
Reported-by: Coverity (CID 1436128)
Fixes: b20804946bce ("hw/block/nvme: update nsid when registered")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
hw/block/nvme.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index fa2cba744b57..080d782f1c2b 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -2562,8 +2562,7 @@ int nvme_register_namespace(NvmeCtrl *n, NvmeNamespace *ns, Error **errp)
if (!nsid) {
for (int i = 1; i <= n->num_namespaces; i++) {
- NvmeNamespace *ns = nvme_ns(n, i);
- if (!ns) {
+ if (!nvme_ns(n, i)) {
nsid = ns->params.nsid = i;
break;
}
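Review bot: the commit message should name the root cause visible in the removed lines. The inner `NvmeNamespace *ns = nvme_ns(n, i);` shadowed the function's `ns` parameter, so `nsid = ns->params.nsid = i;` wrote through the pointer that had just tested NULL rather than through the namespace being registered. "Fix dereference after NULL check" alone does not tell a backporter that the assignment is now meant to reach the parameter. Consider also building this file with `-Wshadow`, which reports a local declaration hiding a parameter.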
--
2.29.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
@ 2020-11-04 10:22 ` Klaus Jensen
2020-11-04 10:58 ` Max Reitz
2020-11-04 11:09 ` Philippe Mathieu-Daudé
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
2020-11-04 11:11 ` [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Max Reitz
3 siblings, 2 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
uint16_t.
Reported-by: Coverity (CID 1436129)
Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
hw/block/nvme.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 080d782f1c2b..2bdc50eb6fce 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -452,7 +452,7 @@ static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
* segments and/or descriptors. The controller might accept
* ignoring the rest of the SGL.
*/
- uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
+ uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {
break;
}
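Review bot: the commit message says the field is the sgls member of NvmeIdNs, but the changed line reads `n->id_ctrl.sgls`, which is the controller identify data, so the message appears to name the wrong structure. Please correct the wording so that it matches the code being touched; the type and byte-swap change itself (`uint32_t` with `le32_to_cpu`) is consistent with the subject line.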
--
2.29.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
@ 2020-11-04 10:22 ` Klaus Jensen
2020-11-04 10:51 ` Philippe Mathieu-Daudé
2020-11-04 10:59 ` Max Reitz
2020-11-04 11:11 ` [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Max Reitz
3 siblings, 2 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
namespaces member of NvmeCtrl is no longer a dynamically allocated
array. Remove the free.
Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
Reported-by: Coverity (CID 1436131)
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
hw/block/nvme.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 2bdc50eb6fce..01b657b1c5e2 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -2799,7 +2799,6 @@ static void nvme_exit(PCIDevice *pci_dev)
NvmeCtrl *n = NVME(pci_dev);
nvme_clear_ctrl(n);
- g_free(n->namespaces);
g_free(n->cq);
g_free(n->sq);
g_free(n->aer_reqs);
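Review bot: the message explains why `g_free(n->namespaces);` is wrong but not what it did at runtime. Per the message the member is no longer dynamically allocated, so nvme_exit was passing the allocator a pointer it never handed out; a sentence on the expected effect at device teardown would help anyone triaging this for stable. It would also be worth confirming in the message that `n->cq`, `n->sq` and `n->aer_reqs`, whose frees are kept, are still heap-allocated after 7f0f1acedf15.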
--
2.29.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
@ 2020-11-04 10:51 ` Philippe Mathieu-Daudé
2020-11-04 10:59 ` Max Reitz
1 sibling, 0 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-04 10:51 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Minwoo Im, Keith Busch
On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
> namespaces member of NvmeCtrl is no longer a dynamically allocated
> array. Remove the free.
>
> Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
> Reported-by: Coverity (CID 1436131)
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 1 -
> 1 file changed, 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
@ 2020-11-04 10:57 ` Max Reitz
2020-11-04 11:08 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 10:57 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Fix dereference after NULL check.
>
> Reported-by: Coverity (CID 1436128)
> Fixes: b20804946bce ("hw/block/nvme: update nsid when registered")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
@ 2020-11-04 10:58 ` Max Reitz
2020-11-04 11:09 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 10:58 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
> uint16_t.
>
> Reported-by: Coverity (CID 1436129)
> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
2020-11-04 10:51 ` Philippe Mathieu-Daudé
@ 2020-11-04 10:59 ` Max Reitz
2020-11-04 11:04 ` Klaus Jensen
1 sibling, 1 reply; 13+ messages in thread
From: Max Reitz @ 2020-11-04 10:59 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
> namespaces member of NvmeCtrl is no longer a dynamically allocated
> array. Remove the free.
>
> Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
> Reported-by: Coverity (CID 1436131)
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 1 -
> 1 file changed, 1 deletion(-)
Thanks! :)
Reviewed-by: Max Reitz <mreitz@redhat.com>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:59 ` Max Reitz
@ 2020-11-04 11:04 ` Klaus Jensen
2020-11-04 11:10 ` Max Reitz
0 siblings, 1 reply; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 11:04 UTC (permalink / raw)
To: Max Reitz
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, qemu-devel, Minwoo Im, Keith Busch
On Nov 4 11:59, Max Reitz wrote:
> On 04.11.20 11:22, Klaus Jensen wrote:
> > From: Klaus Jensen <k.jensen@samsung.com>
> >
> > Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
> > namespaces member of NvmeCtrl is no longer a dynamically allocated
> > array. Remove the free.
> >
> > Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
> > Reported-by: Coverity (CID 1436131)
> > Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> > ---
> > hw/block/nvme.c | 1 -
> > 1 file changed, 1 deletion(-)
>
> Thanks! :)
>
> Reviewed-by: Max Reitz <mreitz@redhat.com>
>
Will Peter pick up fixes like this directly so we don't have to go
through a pull request from nvme-next?
Did I correctly annotate with "for-5.2"? :)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
2020-11-04 10:57 ` Max Reitz
@ 2020-11-04 11:08 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-04 11:08 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Minwoo Im, Keith Busch
On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Fix dereference after NULL check.
>
> Reported-by: Coverity (CID 1436128)
> Fixes: b20804946bce ("hw/block/nvme: update nsid when registered")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index fa2cba744b57..080d782f1c2b 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -2562,8 +2562,7 @@ int nvme_register_namespace(NvmeCtrl *n, NvmeNamespace *ns, Error **errp)
>
> if (!nsid) {
> for (int i = 1; i <= n->num_namespaces; i++) {
> - NvmeNamespace *ns = nvme_ns(n, i);
> - if (!ns) {
> + if (!nvme_ns(n, i)) {
> nsid = ns->params.nsid = i;
Uh.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> break;
> }
>
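Review bot: the loop under `if (!nsid)` only assigns `nsid` when `!nvme_ns(n, i)` finds a free slot, so if every index up to `n->num_namespaces` is occupied it falls through with `nsid` still 0. The hunk does not show what follows the loop; please confirm that case is rejected with an error through `errp` rather than continuing with nsid 0, and mention it in the message if this path was also affected by the shadowed variable.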
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
2020-11-04 10:58 ` Max Reitz
@ 2020-11-04 11:09 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-04 11:09 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Minwoo Im, Keith Busch
On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
> uint16_t.
>
> Reported-by: Coverity (CID 1436129)
> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index 080d782f1c2b..2bdc50eb6fce 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -452,7 +452,7 @@ static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
> * segments and/or descriptors. The controller might accept
> * ignoring the rest of the SGL.
> */
> - uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
> + uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
> if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {
I'm surprised the compiler doesn't warn here.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> break;
> }
>
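Review bot: the message does not state the observable effect of the old `uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);` line. Reading a 32-bit field through a 16-bit swap into a 16-bit variable keeps only half of the field, and which half depends on host endianness, so the `sgls & NVME_CTRL_SGLS_EXCESS_LENGTH` test could evaluate differently from what the controller advertises. Please say in the message whether that flag lies in the bits that were being dropped, since that decides whether the excess-length `break` was ever reachable before this fix.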
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 11:04 ` Klaus Jensen
@ 2020-11-04 11:10 ` Max Reitz
0 siblings, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 11:10 UTC (permalink / raw)
To: Klaus Jensen
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, qemu-devel, Minwoo Im, Keith Busch
On 04.11.20 12:04, Klaus Jensen wrote:
> On Nov 4 11:59, Max Reitz wrote:
>> On 04.11.20 11:22, Klaus Jensen wrote:
>>> From: Klaus Jensen <k.jensen@samsung.com>
>>>
>>> Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
>>> namespaces member of NvmeCtrl is no longer a dynamically allocated
>>> array. Remove the free.
>>>
>>> Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
>>> Reported-by: Coverity (CID 1436131)
>>> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
>>> ---
>>> hw/block/nvme.c | 1 -
>>> 1 file changed, 1 deletion(-)
>>
>> Thanks! :)
>>
>> Reviewed-by: Max Reitz <mreitz@redhat.com>
>>
>
> Will Peter pick up fixes like this directly so we don't have to go
> through a pull request from nvme-next?
AFAIA, Peter only picks up build fixes. Since the build wasn’t broken,
I think someone™ will have to send a pull request...
I understand you don’t necessarily want to be that someone, so I suppose
I might as well.
> Did I correctly annotate with "for-5.2"? :)
Yes!
Max
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
` (2 preceding siblings ...)
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
@ 2020-11-04 11:11 ` Max Reitz
3 siblings, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 11:11 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Fix three issues reported by coverity (CIDs 1436128, 1436129 and
> 1436131).
>
> Klaus Jensen (3):
> hw/block/nvme: fix null ns in register namespace
> hw/block/nvme: fix uint16_t use of uint32_t sgls member
> hw/block/nvme: fix free of array-typed value
>
> hw/block/nvme.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
Thanks again, applied to my block branch:
https://git.xanclic.moe/XanClic/qemu/commits/branch/block
Max
^ permalink raw reply [flat|nested] 13+ messages in thread