From: Peter Maydell <peter.maydell@linaro.org>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: qemu-devel@nongnu.org, "Jeuk Kim" <jeuk20.kim@samsung.com>,
"Hanna Reitz" <hreitz@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Laurent Vivier" <lvivier@redhat.com>,
qemu-block@nongnu.org, "Kevin Wolf" <kwolf@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Thomas Huth" <thuth@redhat.com>, "Fam Zheng" <fam@euphon.net>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: Re: [PULL 4/5] hw/ufs: Support for UFS logical unit
Date: Thu, 14 Sep 2023 15:47:41 +0100
Message-ID: <CAFEAcA_iusT008ZHtB-Q=a-aCFCOMoHiKfrhmPpNGWwGa720UA@mail.gmail.com>
In-Reply-To: <20230907181628.1594401-5-stefanha@redhat.com>

On Thu, 7 Sept 2023 at 19:18, Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> From: Jeuk Kim <jeuk20.kim@samsung.com>
>
> This commit adds support for ufs logical unit.
> The LU handles processing for the SCSI command,
> unit descriptor query request.
>
> This commit enables the UFS device to process
> IO requests.
>
> Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
> Message-id: beacc504376ab6a14b1a3830bb3c69382cf6aebc.1693980783.git.jeuk20.kim@gmail.com
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---

Hi; Coverity points out a NULL pointer dereference issue in
this code (CID 1519043):

> +static void ufs_lu_realize(SCSIDevice *dev, Error **errp)
> +{
> + UfsLu *lu = DO_UPCAST(UfsLu, qdev, dev);
> + BusState *s = qdev_get_parent_bus(&dev->qdev);
> + UfsHc *u = UFS(s->parent);
> + AioContext *ctx = NULL;
> + uint64_t nb_sectors, nb_blocks;
> +
> + if (!ufs_lu_check_constraints(lu, errp)) {
> + return;
> + }
> +
> + if (lu->qdev.conf.blk) {

Here we check whether lu->qdev.conf.blk is non-NULL, implying
that it can be NULL at this point...

> + ctx = blk_get_aio_context(lu->qdev.conf.blk);
> + aio_context_acquire(ctx);
> + if (!blkconf_blocksizes(&lu->qdev.conf, errp)) {
> + goto out;
> + }
> + }
> + lu->qdev.blocksize = UFS_BLOCK_SIZE;
> + blk_get_geometry(lu->qdev.conf.blk, &nb_sectors);

...but here we pass it to blk_get_geometry(), which will
unconditionally dereference it, and crashes if it is NULL.
Either the NULL check above is unnecessary, or else this
bit of the code needs to do something else for NULL.

> + nb_blocks = nb_sectors / (lu->qdev.blocksize / BDRV_SECTOR_SIZE);
> + if (nb_blocks > UINT32_MAX) {
> + nb_blocks = UINT32_MAX;
> + }
> + lu->qdev.max_lba = nb_blocks;
> + lu->qdev.type = TYPE_DISK;
> +
> + ufs_init_lu(lu);
> + if (!ufs_add_lu(u, lu, errp)) {
> + goto out;
> + }
> +
> + ufs_lu_brdv_init(lu, errp);
> +out:
> + if (ctx) {
> + aio_context_release(ctx);
> + }
> +}
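
Review bot: ufs_lu_brdv_init(lu, errp) is the last call in ufs_lu_realize() and runs after ufs_add_lu(u, lu, errp) has already succeeded, so if it sets errp the realize reports failure while the LU has already been added to u. Either do the init before ufs_add_lu() or undo the add on that error path. The helper takes errp but its result is not checked the way ufs_add_lu()'s is, and "brdv" in its name looks like a transposition of "bdrv". Separately, the clamp of nb_blocks to UINT32_MAX silently shrinks a larger backing image; a short comment on why max_lba is capped there would help.
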
thanks
-- PMM