[PULL 01/22] hw/net/spapr: prevent potential NULL dereference

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Oleg Sviridov" <oleg.sviridov@red-soft.ru>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PULL 01/22] hw/net/spapr: prevent potential NULL dereference
Date: Tue,  2 Jul 2024 07:00:51 +0200	[thread overview]
Message-ID: <20240702050112.35907-2-philmd@linaro.org> (raw)
In-Reply-To: <20240702050112.35907-1-philmd@linaro.org>

From: Oleg Sviridov <oleg.sviridov@red-soft.ru>

Pointer, returned from function 'spapr_vio_find_by_reg',
may be NULL and is dereferenced immediately after.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Oleg Sviridov <oleg.sviridov@red-soft.ru>
Message-ID: <20240531073636.3779559-1-oleg.sviridov@red-soft.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 hw/net/spapr_llan.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index ecb30b7c76..8af33d91b6 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -770,6 +770,12 @@ static target_ulong h_change_logical_lan_mac(PowerPCCPU *cpu,
     SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
     int i;
 
+    if (!dev) {
+        hcall_dprintf("H_CHANGE_LOGICAL_LAN_MAC called when "
+                      "no NIC is present\n");
+        return H_PARAMETER;
+    }
+
     for (i = 0; i < ETH_ALEN; i++) {
         dev->nicconf.macaddr.a[ETH_ALEN - i - 1] = macaddr & 0xff;
         macaddr >>= 8;
-- 
2.41.0

next prev parent reply	other threads:[~2024-07-02  5:02 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-02  5:00 [PULL 00/22] Misc HW patches for 2024-07-02 Philippe Mathieu-Daudé
2024-07-02  5:00 ` Philippe Mathieu-Daudé [this message]
2024-07-02  5:00 ` [PULL 02/22] include/hw: add helpers for defining versioned machine types Philippe Mathieu-Daudé
2024-07-02  5:00 ` [PULL 03/22] hw/arm: convert 'virt' machine definitions to use new macros Philippe Mathieu-Daudé
2024-07-02  5:00 ` [PULL 04/22] hw/s390x: convert 'ccw' " Philippe Mathieu-Daudé
2024-07-02  5:00 ` [PULL 05/22] hw/ppc: convert 'spapr' " Philippe Mathieu-Daudé
2024-07-02  5:00 ` [PULL 06/22] hw/m68k: convert 'virt' " Philippe Mathieu-Daudé
2024-07-02  5:00 ` [PULL 07/22] hw/i386: convert 'i440fx' " Philippe Mathieu-Daudé
2024-07-02  5:00 ` [PULL 08/22] hw/i386: convert 'q35' " Philippe Mathieu-Daudé
2024-07-02  5:00 ` [PULL 09/22] include/hw: add macros for deprecation & removal of versioned machines Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 10/22] include/hw: temporarily disable deletion of versioned machine types Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 11/22] hw: set deprecation info for all " Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 12/22] hw: skip registration of outdated " Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 13/22] hw/ppc: remove obsolete manual deprecation reason string of spapr machines Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 14/22] hw/i386: remove obsolete manual deprecation reason string of i440fx machines Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 15/22] docs: document special exception for machine type deprecation & removal Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 16/22] system/physmem: Fix reference to dump-guest-core Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 17/22] hw/ide/macio: switch from using qemu_allocate_irq() to qdev input GPIOs Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 18/22] hvf: Drop ifdef for macOS versions older than 12.0 Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 19/22] audio: " Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 20/22] block/file-posix: " Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 21/22] net/vmnet: " Philippe Mathieu-Daudé
2024-07-02  5:01 ` [PULL 22/22] Remove inclusion of hw/hw.h from files that don't need it Philippe Mathieu-Daudé
2024-07-02 16:50 ` [PULL 00/22] Misc HW patches for 2024-07-02 Richard Henderson

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ecb30b7c7 dfblob:8af33d91b )
 OR (
bs:"[PULL 01/22] hw/net/spapr: prevent potential NULL dereference" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240702050112.35907-2-philmd@linaro.org \
    --to=philmd@linaro.org \
    --cc=oleg.sviridov@red-soft.ru \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).