qemu-devel.nongnu.org archive mirror
From: "Cédric Le Goater" <clg@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Richard Henderson" <richard.henderson@linaro.org>,
	"Alex Williamson" <alex.williamson@redhat.com>,
	"Zhenzhong Duan" <zhenzhong.duan@intel.com>,
	"Cédric Le Goater" <clg@redhat.com>,
	"Joao Martins" <joao.m.martins@oracle.com>
Subject: [PULL 15/16] vfio/pci: Fix a segfault in vfio_realize
Date: Fri, 30 Jun 2023 07:22:34 +0200
Message-ID: <20230630052235.1934154-16-clg@redhat.com>
In-Reply-To: <20230630052235.1934154-1-clg@redhat.com>

From: Zhenzhong Duan <zhenzhong.duan@intel.com>

The kvm irqchip notifier is only registered if the device supports
INTx, however it's unconditionally removed in vfio realize error
path. If the assigned device does not support INTx, this will cause
QEMU to crash when vfio realize fails. Change it to conditionally
remove the notifier only if the notify hook is set up.

Before fix:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,xres=1
Connection closed by foreign host.

After fix:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,xres=1
Error: vfio 0000:81:11.1: xres and yres properties require display=on
(qemu)

Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/vfio/pci.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 73e19a04b2bf..48df517f79ee 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3221,7 +3221,9 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
 
 out_deregister:
     pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
-    kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
+    if (vdev->irqchip_change_notifier.notify) {
+        kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
+    }
 out_teardown:
     vfio_teardown_msi(vdev);
     vfio_bars_exit(vdev);
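
Review bot: the new guard under out_deregister treats irqchip_change_notifier.notify as a stand-in for "the notifier was registered", which holds only if that field is zero until registration and is never set without registering. A short comment above the `if` saying so (the commit message ties registration to INTx support) would keep a later cleanup from dropping the check. It is also worth confirming that any other teardown path calling kvm_irqchip_remove_change_notifier() on this notifier applies the same condition, since this hunk only covers the realize error path.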
-- 
2.41.0


