[Qemu-devel] [PATCH] filter-mirror: segfault when specifying non existent device

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] filter-mirror: segfault when specifying non existent device
@ 2017-08-21 15:50 Eduardo Otubo
  2017-08-22  1:19 ` Zhang Chen
  2017-09-14  7:50 ` [Qemu-devel] " Michael Tokarev
  0 siblings, 2 replies; 5+ messages in thread
From: Eduardo Otubo @ 2017-08-21 15:50 UTC (permalink / raw)
  To: qemu-trivial; +Cc: qemu-devel, zhangchen.fnst, lizhijian, mjt

When using filter-mirror like the example below where the interface
'ndev0' does not exist on the host, QEMU crashes into segmentation
fault.

 $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0

This happens because the function filter_mirror_setup() does not checks
if the device actually exists and still keep on processing calling
qemu_chr_find(). This patch fixes this issue.

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
 net/filter-mirror.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 90e2c92337..e18a4b16a0 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
     MirrorState *s = FILTER_MIRROR(nf);
     Chardev *chr;
 
+    if (s->outdev == NULL) {
+        goto err;
+    }
+
     chr = qemu_chr_find(s->outdev);
+
     if (chr == NULL) {
-        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
-                  "Device '%s' not found", s->outdev);
-        return;
+        goto err;
     }
 
     qemu_chr_fe_init(&s->chr_out, chr, errp);
+
+err:
+    error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
+              nf->netdev_id);
+    return;
 }
 
 static void redirector_rs_finalize(SocketReadState *rs)
-- 
2.13.5

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] [PATCH] filter-mirror: segfault when specifying non existent device
  2017-08-21 15:50 [Qemu-devel] [PATCH] filter-mirror: segfault when specifying non existent device Eduardo Otubo
@ 2017-08-22  1:19 ` Zhang Chen
  2017-09-07  8:27   ` [Qemu-devel] [Qemu-trivial] " Eduardo Otubo
  2017-09-29 10:57   ` Eduardo Otubo
  2017-09-14  7:50 ` [Qemu-devel] " Michael Tokarev
  1 sibling, 2 replies; 5+ messages in thread
From: Zhang Chen @ 2017-08-22  1:19 UTC (permalink / raw)
  To: Eduardo Otubo, qemu-trivial; +Cc: zhangchen.fnst, qemu-devel, lizhijian, mjt



On 08/21/2017 11:50 PM, Eduardo Otubo wrote:
> When using filter-mirror like the example below where the interface
> 'ndev0' does not exist on the host, QEMU crashes into segmentation
> fault.
>
>   $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
>
> This happens because the function filter_mirror_setup() does not checks
> if the device actually exists and still keep on processing calling
> qemu_chr_find(). This patch fixes this issue.
>
> Signed-off-by: Eduardo Otubo <otubo@redhat.com>

Looks good for me.

Reviewed-by: Zhang Chen<zhangchen.fnst@cn.fujitsu.com>

Thanks
Zhang Chen

> ---
>   net/filter-mirror.c | 14 +++++++++++---
>   1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> index 90e2c92337..e18a4b16a0 100644
> --- a/net/filter-mirror.c
> +++ b/net/filter-mirror.c
> @@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
>       MirrorState *s = FILTER_MIRROR(nf);
>       Chardev *chr;
>   
> +    if (s->outdev == NULL) {
> +        goto err;
> +    }
> +
>       chr = qemu_chr_find(s->outdev);
> +
>       if (chr == NULL) {
> -        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> -                  "Device '%s' not found", s->outdev);
> -        return;
> +        goto err;
>       }
>   
>       qemu_chr_fe_init(&s->chr_out, chr, errp);
> +
> +err:
> +    error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
> +              nf->netdev_id);
> +    return;
>   }
>   
>   static void redirector_rs_finalize(SocketReadState *rs)

-- 
Thanks
Zhang Chen

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] [Qemu-trivial] [PATCH] filter-mirror: segfault when specifying non existent device
  2017-08-22  1:19 ` Zhang Chen
@ 2017-09-07  8:27   ` Eduardo Otubo
  2017-09-29 10:57   ` Eduardo Otubo
  1 sibling, 0 replies; 5+ messages in thread
From: Eduardo Otubo @ 2017-09-07  8:27 UTC (permalink / raw)
  To: Zhang Chen; +Cc: qemu-trivial, lizhijian, mjt, qemu-devel

On Tue, Aug 22, 2017 at 09:19:20AM +0800, Zhang Chen wrote:
> 
> 
> On 08/21/2017 11:50 PM, Eduardo Otubo wrote:
> > When using filter-mirror like the example below where the interface
> > 'ndev0' does not exist on the host, QEMU crashes into segmentation
> > fault.
> > 
> >   $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
> > 
> > This happens because the function filter_mirror_setup() does not checks
> > if the device actually exists and still keep on processing calling
> > qemu_chr_find(). This patch fixes this issue.
> > 
> > Signed-off-by: Eduardo Otubo <otubo@redhat.com>
> 
> Looks good for me.
> 
> Reviewed-by: Zhang Chen<zhangchen.fnst@cn.fujitsu.com>

Ping.

> 
> Thanks
> Zhang Chen
> 
> > ---
> >   net/filter-mirror.c | 14 +++++++++++---
> >   1 file changed, 11 insertions(+), 3 deletions(-)
> > 
> > diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> > index 90e2c92337..e18a4b16a0 100644
> > --- a/net/filter-mirror.c
> > +++ b/net/filter-mirror.c
> > @@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
> >       MirrorState *s = FILTER_MIRROR(nf);
> >       Chardev *chr;
> > +    if (s->outdev == NULL) {
> > +        goto err;
> > +    }
> > +
> >       chr = qemu_chr_find(s->outdev);
> > +
> >       if (chr == NULL) {
> > -        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> > -                  "Device '%s' not found", s->outdev);
> > -        return;
> > +        goto err;
> >       }
> >       qemu_chr_fe_init(&s->chr_out, chr, errp);
> > +
> > +err:
> > +    error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
> > +              nf->netdev_id);
> > +    return;
> >   }
> >   static void redirector_rs_finalize(SocketReadState *rs)
> 
> -- 
> Thanks
> Zhang Chen
> 
> 
> 
> 

-- 
Eduardo Otubo
Senior Software Engineer @ RedHat

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] [Qemu-trivial] [PATCH] filter-mirror: segfault when specifying non existent device
  2017-08-22  1:19 ` Zhang Chen
  2017-09-07  8:27   ` [Qemu-devel] [Qemu-trivial] " Eduardo Otubo
@ 2017-09-29 10:57   ` Eduardo Otubo
  1 sibling, 0 replies; 5+ messages in thread
From: Eduardo Otubo @ 2017-09-29 10:57 UTC (permalink / raw)
  To: Zhang Chen; +Cc: qemu-trivial, lizhijian, mjt, qemu-devel

On Tue, Aug 22, 2017 at 09:19:20AM +0800, Zhang Chen wrote:
> 
> 
> On 08/21/2017 11:50 PM, Eduardo Otubo wrote:
> > When using filter-mirror like the example below where the interface
> > 'ndev0' does not exist on the host, QEMU crashes into segmentation
> > fault.
> > 
> >   $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
> > 
> > This happens because the function filter_mirror_setup() does not checks
> > if the device actually exists and still keep on processing calling
> > qemu_chr_find(). This patch fixes this issue.
> > 
> > Signed-off-by: Eduardo Otubo <otubo@redhat.com>
> 
> Looks good for me.
> 
> Reviewed-by: Zhang Chen<zhangchen.fnst@cn.fujitsu.com>
> 
> Thanks
> Zhang Chen
> 

So Peter and Michael pointed that this patch didn't pass on make check causing
this:

qemu-system-x86_64: -object
filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0: Device
'qtest-bn0' not found                                                                                                                   
Broken pipe                                                
GTester: last random seed: R02S4f1b7fb2da540e3e36e962f19f19ac65                                                        

(tests/test-filter-mirror:6059): GLib-CRITICAL **: g_hook_destroy_link:
assertion 'hook != NULL' failed                
make: *** [/home/otubo/develop/qemu/otubo/tests/Makefile.include:847:
check-qtest-x86_64] Error 1                      
otubo@vader ~/develop/qemu/otubo netdev_segfault $ git show

> > ---
> >   net/filter-mirror.c | 14 +++++++++++---
> >   1 file changed, 11 insertions(+), 3 deletions(-)
> > 
> > diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> > index 90e2c92337..e18a4b16a0 100644
> > --- a/net/filter-mirror.c
> > +++ b/net/filter-mirror.c
> > @@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
> >       MirrorState *s = FILTER_MIRROR(nf);
> >       Chardev *chr;
> > +    if (s->outdev == NULL) {
> > +        goto err;
> > +    }
> > +
> >       chr = qemu_chr_find(s->outdev);
> > +
> >       if (chr == NULL) {
> > -        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> > -                  "Device '%s' not found", s->outdev);
> > -        return;
> > +        goto err;
> >       }
> >       qemu_chr_fe_init(&s->chr_out, chr, errp);

And the reason was there was no return after qemu_chr_fe_init, making it fatally
go to the "err:" label.

> > +
> > +err:
> > +    error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
> > +              nf->netdev_id);

Also, "nf->netdev_id" wasn't the device not found, but "s->outdev"; which makes
sense to have two error messages here one for when Null and one for when it's
not found, otherwise we'd fall into not very clear error messages like:

qemu-system-x86_64: -object filter-mirror,id=test-object,netdev=ndev0: Device
'(null)' not found

I'm fixing all this and sending a v2 shortly.
Thanks for the review and tests.

-- 
Eduardo Otubo
Senior Software Engineer @ RedHat

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] [PATCH] filter-mirror: segfault when specifying non existent device
  2017-08-21 15:50 [Qemu-devel] [PATCH] filter-mirror: segfault when specifying non existent device Eduardo Otubo
  2017-08-22  1:19 ` Zhang Chen
@ 2017-09-14  7:50 ` Michael Tokarev
  1 sibling, 0 replies; 5+ messages in thread
From: Michael Tokarev @ 2017-09-14  7:50 UTC (permalink / raw)
  To: Eduardo Otubo, qemu-trivial; +Cc: lizhijian, qemu-devel, zhangchen.fnst

21.08.2017 18:50, Eduardo Otubo wrote:
> When using filter-mirror like the example below where the interface
> 'ndev0' does not exist on the host, QEMU crashes into segmentation
> fault.

Applied to -trivial, thanks!

/mjt

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2017-09-29 10:57 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-08-21 15:50 [Qemu-devel] [PATCH] filter-mirror: segfault when specifying non existent device Eduardo Otubo
2017-08-22  1:19 ` Zhang Chen
2017-09-07  8:27   ` [Qemu-devel] [Qemu-trivial] " Eduardo Otubo
2017-09-29 10:57   ` Eduardo Otubo
2017-09-14  7:50 ` [Qemu-devel] " Michael Tokarev

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).