* hw: nvme: Separate 'serial' property for VFs
From: Minwoo Im @ 2024-01-09  2:29 UTC (permalink / raw)
  To: qemu-devel@nongnu.org
  Cc: qemu-stable@nongnu.org, minwoo.im.dev@gmail.com, Minwoo Im
Currently, when a VF is created, it uses the 'params' object of the PF
as it is. In other words, the 'params.serial' string memory area is
also shared. In this situation, if the VF is removed from the system,
the PF's 'params.serial' object is released with object_finalize()
followed by object_property_del_all() which releases the memory for
the 'serial' property. If that happens, the next VF created will inherit
a serial from a corrupted memory area.

If this happens, an error will occur when comparing subsys->serial and
n->params.serial in the nvme_subsys_register_ctrl() function.
Cc: qemu-stable@nongnu.org
Fixes: 44c2c09488db ("hw/nvme: Add support for SR-IOV")
Signed-off-by: Minwoo Im <minwoo.im@samsung.com>
---
 hw/nvme/ctrl.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index f026245d1e..a0ba3529cd 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -8309,9 +8309,15 @@ static void nvme_realize(PCIDevice *pci_dev, Error **errp)
     if (pci_is_vf(pci_dev)) {
         /*
          * VFs derive settings from the parent. PF's lifespan exceeds
-         * that of VF's, so it's safe to share params.serial.
+         * that of VF's.
          */
         memcpy(&n->params, &pn->params, sizeof(NvmeParams));
+
+        /*
+         * Set PF's serial value to a new string memory to prevent 'serial'
+         * property object release of PF when a VF is removed from the system.
+         */
+        n->params.serial = g_strdup(pn->params.serial);
         n->subsys = pn->subsys;
     }
 
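Review bot: The new comment above the g_strdup() line is misleading: "Set PF's serial value to a new string memory" reads as though the PF's field were being modified, when the line actually gives the VF its own copy of the string so that the VF's n->params.serial no longer aliases pn->params.serial. Suggest stating the intent directly, e.g. `/* Give the VF its own copy of the serial string: the VF's 'serial' property release on finalize must not free the PF's string. */`. Two things worth spelling out in that comment as well: g_strdup(NULL) returns NULL, so a PF realized without a serial is handled, and the VF's private copy is freed by the same 'serial' property release path that the commit message describes, so no extra free is needed in VF teardown. Finally, the shortened first comment ("PF's lifespan exceeds that of VF's.") now dangles, since the clause it justified was removed; either drop it or say why it still matters, namely that pn->params is guaranteed valid when the memcpy() reads it.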
-- 
2.34.1
* Re: hw: nvme: Separate 'serial' property for VFs
From: Klaus Jensen @ 2024-01-10  6:59 UTC (permalink / raw)
  To: Minwoo Im
  Cc: qemu-devel@nongnu.org, qemu-stable@nongnu.org, minwoo.im.dev@gmail.com
On Jan  9 11:29, Minwoo Im wrote:
> Currently, when a VF is created, it uses the 'params' object of the PF
> as it is. In other words, the 'params.serial' string memory area is
> also shared. In this situation, if the VF is removed from the system,
> the PF's 'params.serial' object is released with object_finalize()
> followed by object_property_del_all() which releases the memory for
> the 'serial' property. If that happens, the next VF created will inherit
> a serial from a corrupted memory area.
> 
> If this happens, an error will occur when comparing subsys->serial and
> n->params.serial in the nvme_subsys_register_ctrl() function.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: 44c2c09488db ("hw/nvme: Add support for SR-IOV")
> Signed-off-by: Minwoo Im <minwoo.im@samsung.com>
Thanks Minwoo! Queued on nvme-next.
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>