From: David Gibson <david@gibson.dropbear.id.au>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-ppc <qemu-ppc@nongnu.org>,
QEMU Developers <qemu-devel@nongnu.org>,
Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>,
Greg Kurz <groug@kaod.org>
Subject: Re: [PULL 24/30] spapr_pci: populate ibm,loc-code
Date: Tue, 10 Aug 2021 14:29:35 +1000 [thread overview]
Message-ID: <YRIAr6HIW742LSZd@yekko> (raw)
In-Reply-To: <CAFEAcA9TQKAU94OUuSzYH8A_7CFfSYc+R8-Mz4mai0vwMbjsxA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4492 bytes --]
On Mon, Aug 09, 2021 at 10:57:00AM +0100, Peter Maydell wrote:
> On Tue, 7 Jul 2015 at 16:49, Alexander Graf <agraf@suse.de> wrote:
> >
> > From: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
> >
> > Each hardware instance has a platform unique location code. The OF
> > device tree that describes a part of a hardware entity must include
> > the “ibm,loc-code” property with a value that represents the location
> > code for that hardware entity.
> >
> > Populate ibm,loc-code.
>
> Ancient patch, but Coverity has just noticed a bug in it
> which is still present in current QEMU (CID 1460454):
>
> > +static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev)
> > +{
> > + char *path = NULL, *buf = NULL, *host = NULL;
> > +
> > + /* Get the PCI VFIO host id */
> > + host = object_property_get_str(OBJECT(pdev), "host", NULL);
> > + if (!host) {
> > + goto err_out;
> > + }
> > +
> > + /* Construct the path of the file that will give us the DT location */
> > + path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
> > + g_free(host);
> > + if (!path || !g_file_get_contents(path, &buf, NULL, NULL)) {
> > + goto err_out;
> > + }
> > + g_free(path);
>
> Here we create a 'path' string, use it as the argument to
> g_file_get_contents() and then free it (either here or in the err_out path)...
>
> > +
> > + /* Construct and read from host device tree the loc-code */
> > + path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
> > + g_free(buf);
> > + if (!path || !g_file_get_contents(path, &buf, NULL, NULL)) {
> > + goto err_out;
> > + }
> > + return buf;
>
> ...but here we forget to free it before returning in the success case.
>
> > +
> > +err_out:
> > + g_free(path);
> > + return NULL;
> > +}
>
> Cleanest fix would be to declare 'path' and 'host' as
> g_autofree char *path = NULL;
> g_autofree char *host = NULL;
> and then you can remove all the manual g_free(path) and g_free(host) calls.
Thanks for the report. I've committed the fix (I hope) below to ppc-for-6.1:
From 70ae61b510dc571c407b28c46498cae60e60ca66 Mon Sep 17 00:00:00 2001
From: David Gibson <david@gibson.dropbear.id.au>
Date: Tue, 10 Aug 2021 14:28:19 +1000
Subject: [PATCH] spapr_pci: Fix leak in spapr_phb_vfio_get_loc_code() with
g_autofree
This uses g_autofree to simplify logic in spapr_phb_vfio_get_loc_code(),
in the process fixing a leak in one of the paths. I'm told this fixes
Coverity error CID 1460454
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 16b0ea1d852 ("spapr_pci: populate ibm,loc-code")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
hw/ppc/spapr_pci.c | 17 ++++++-----------
1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 7a725855f9..13d806f390 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -782,33 +782,28 @@ static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
static char *spapr_phb_vfio_get_loc_code(SpaprPhbState *sphb, PCIDevice *pdev)
{
- char *path = NULL, *buf = NULL, *host = NULL;
+ g_autofree char *path = NULL;
+ g_autofree char *host = NULL;
+ char *buf = NULL;
/* Get the PCI VFIO host id */
host = object_property_get_str(OBJECT(pdev), "host", NULL);
if (!host) {
- goto err_out;
+ return NULL;
}
/* Construct the path of the file that will give us the DT location */
path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
- g_free(host);
if (!g_file_get_contents(path, &buf, NULL, NULL)) {
- goto err_out;
+ return NULL;
}
- g_free(path);
/* Construct and read from host device tree the loc-code */
path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
- g_free(buf);
if (!g_file_get_contents(path, &buf, NULL, NULL)) {
- goto err_out;
+ return NULL;
}
return buf;
-
-err_out:
- g_free(path);
- return NULL;
}
static char *spapr_phb_get_loc_code(SpaprPhbState *sphb, PCIDevice *pdev)
--
2.31.1
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2021-08-10 4:42 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-07 15:49 [Qemu-devel] [PULL 00/30] ppc patch queue 2015-07-07 for 2.4 Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 01/30] linux-user, ppc: mftbl can be used by user application Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 02/30] macio: remove nonexistent interrupt on pin 1 Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 03/30] target-ppc: fix hugepage support when using memory-backend-file Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 04/30] spapr: ensure we have at least one XICS server Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 05/30] pseries: Update SLOF firmware image to qemu-slof-20150429 Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 06/30] spapr: Merge sPAPREnvironment into sPAPRMachineState Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 07/30] spapr: Remove obsolete ram_limit field from sPAPRMachineState Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 08/30] spapr: Remove obsolete entry_point " Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 09/30] spapr: Add sPAPRMachineClass Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 10/30] spapr_pci: encode missing 64-bit memory address space Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 11/30] spapr_pci: encode class code including Prog IF register Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 12/30] spapr_pci: set device node unit address as hex Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 13/30] spapr_iommu: drop erroneous check in h_put_tce_indirect() Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 14/30] spapr_iommu: translate sPAPRTCEAccess to IOMMUAccessFlags Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 15/30] Revert "hw/ppc/spapr_pci.c: Avoid functions not in glib 2.12 (g_hash_table_iter_*)" Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 16/30] spapr: Consider max_cpus during xics initialization Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 17/30] spapr: Support ibm, lrdr-capacity device tree property Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 18/30] cpus: Add a macro to walk CPUs in reverse Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 19/30] spapr: Reorganize CPU dt generation code Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 20/30] spapr: Consolidate cpu init code into a routine Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 21/30] ppc: Update cpu_model in MachineState Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 22/30] xics_kvm: Don't enable KVM_CAP_IRQ_XICS if already enabled Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 23/30] spapr_pci: enumerate and add PCI device tree Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 24/30] spapr_pci: populate ibm,loc-code Alexander Graf
2021-08-09 9:57 ` Peter Maydell
2021-08-10 4:29 ` David Gibson [this message]
2021-08-10 5:07 ` Philippe Mathieu-Daudé
2021-08-13 15:17 ` Peter Maydell
2021-08-15 14:36 ` Philippe Mathieu-Daudé
2021-08-16 4:37 ` David Gibson
2021-08-16 9:07 ` Peter Maydell
2021-08-17 3:02 ` David Gibson
2021-08-17 8:42 ` Philippe Mathieu-Daudé
2015-07-07 15:49 ` [Qemu-devel] [PULL 25/30] spapr_pci: drop redundant args in spapr_[populate, create]_pci_child_dt Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 26/30] spapr_vty: lookup should only return valid VTY objects Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 27/30] spapr-vty: Use TYPE_ definition instead of hardcoding Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 28/30] sPAPR: Don't enable EEH on emulated PCI devices Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 29/30] sPAPR: Reenable EEH functionality on reboot Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 30/30] sPAPR: Clear stale MSIx table during EEH reset Alexander Graf
2015-07-07 22:16 ` [Qemu-devel] [PULL 00/30] ppc patch queue 2015-07-07 for 2.4 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YRIAr6HIW742LSZd@yekko \
--to=david@gibson.dropbear.id.au \
--cc=groug@kaod.org \
--cc=nikunj@linux.vnet.ibm.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.