* [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes
@ 2020-11-04 10:22 Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
` (3 more replies)
0 siblings, 4 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
Fix three issues reported by coverity (CIDs 1436128, 1436129 and
1436131).
Klaus Jensen (3):
hw/block/nvme: fix null ns in register namespace
hw/block/nvme: fix uint16_t use of uint32_t sgls member
hw/block/nvme: fix free of array-typed value
hw/block/nvme.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--
2.29.1
* [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
@ 2020-11-04 10:22 ` Klaus Jensen
2020-11-04 10:57 ` Max Reitz
2020-11-04 11:08 ` Philippe Mathieu-Daudé
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
` (2 subsequent siblings)
3 siblings, 2 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
Fix dereference after NULL check.
Reported-by: Coverity (CID 1436128)
Fixes: b20804946bce ("hw/block/nvme: update nsid when registered")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
hw/block/nvme.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index fa2cba744b57..080d782f1c2b 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -2562,8 +2562,7 @@ int nvme_register_namespace(NvmeCtrl *n, NvmeNamespace *ns, Error **errp)
if (!nsid) {
for (int i = 1; i <= n->num_namespaces; i++) {
- NvmeNamespace *ns = nvme_ns(n, i);
- if (!ns) {
+ if (!nvme_ns(n, i)) {
nsid = ns->params.nsid = i;
break;
}
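Review bot: the kept line `nsid = ns->params.nsid = i;` is only correct now because `ns` resolves to the function parameter instead of the removed inner `NvmeNamespace *ns`, and the commit message does not say so. The inner declaration shadowed the parameter, so the assignment went through a pointer that had just tested NULL. Suggest naming the shadowing in the commit message, and building this file with `-Wshadow` so a reintroduced inner `ns` is caught at compile time.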
--
2.29.1
* [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
@ 2020-11-04 10:22 ` Klaus Jensen
2020-11-04 10:58 ` Max Reitz
2020-11-04 11:09 ` Philippe Mathieu-Daudé
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
2020-11-04 11:11 ` [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Max Reitz
3 siblings, 2 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
uint16_t.
Reported-by: Coverity (CID 1436129)
Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
hw/block/nvme.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 080d782f1c2b..2bdc50eb6fce 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -452,7 +452,7 @@ static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
* segments and/or descriptors. The controller might accept
* ignoring the rest of the SGL.
*/
- uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
+ uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {
break;
}
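Review bot: the commit message names the `sgls` member of NvmeIdNs, but the changed line reads `n->id_ctrl.sgls`, which by its name is the controller's identify data rather than a namespace structure. Suggest correcting the struct name in the message so the description matches the code it fixes. The new line keeps the conversion and the local in step (`le32_to_cpu` into `uint32_t`), which is what the `sgls & NVME_CTRL_SGLS_EXCESS_LENGTH` test needs.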
--
2.29.1
* [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
@ 2020-11-04 10:22 ` Klaus Jensen
2020-11-04 10:51 ` Philippe Mathieu-Daudé
2020-11-04 10:59 ` Max Reitz
2020-11-04 11:11 ` [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Max Reitz
3 siblings, 2 replies; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 10:22 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Keith Busch, Minwoo Im, Klaus Jensen
From: Klaus Jensen <k.jensen@samsung.com>
Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
namespaces member of NvmeCtrl is no longer a dynamically allocated
array. Remove the free.
Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
Reported-by: Coverity (CID 1436131)
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
---
hw/block/nvme.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 2bdc50eb6fce..01b657b1c5e2 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -2799,7 +2799,6 @@ static void nvme_exit(PCIDevice *pci_dev)
NvmeCtrl *n = NVME(pci_dev);
nvme_clear_ctrl(n);
- g_free(n->namespaces);
g_free(n->cq);
g_free(n->sq);
g_free(n->aer_reqs);
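Review bot: the three frees left in `nvme_exit`, `g_free(n->cq)`, `g_free(n->sq)` and `g_free(n->aer_reqs)`, deserve the same check that each member is still a heap allocation and not an embedded array, since the commit that converted `namespaces` left its `g_free` behind. Passing an array embedded in NvmeCtrl to `g_free` hands the allocator a pointer it never returned, which is undefined behaviour at device teardown. A short comment in the struct marking which members are owned allocations would make this kind of leftover easier to spot.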
--
2.29.1
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
@ 2020-11-04 10:51 ` Philippe Mathieu-Daudé
2020-11-04 10:59 ` Max Reitz
1 sibling, 0 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-04 10:51 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Minwoo Im, Keith Busch
On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
> namespaces member of NvmeCtrl is no longer a dynamically allocated
> array. Remove the free.
>
> Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
> Reported-by: Coverity (CID 1436131)
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 1 -
> 1 file changed, 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* Re: [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
@ 2020-11-04 10:57 ` Max Reitz
2020-11-04 11:08 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 10:57 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Fix dereference after NULL check.
>
> Reported-by: Coverity (CID 1436128)
> Fixes: b20804946bce ("hw/block/nvme: update nsid when registered")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
* Re: [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
@ 2020-11-04 10:58 ` Max Reitz
2020-11-04 11:09 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 10:58 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
> uint16_t.
>
> Reported-by: Coverity (CID 1436129)
> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
2020-11-04 10:51 ` Philippe Mathieu-Daudé
@ 2020-11-04 10:59 ` Max Reitz
2020-11-04 11:04 ` Klaus Jensen
1 sibling, 1 reply; 13+ messages in thread
From: Max Reitz @ 2020-11-04 10:59 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
> namespaces member of NvmeCtrl is no longer a dynamically allocated
> array. Remove the free.
>
> Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
> Reported-by: Coverity (CID 1436131)
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 1 -
> 1 file changed, 1 deletion(-)
Thanks! :)
Reviewed-by: Max Reitz <mreitz@redhat.com>
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 10:59 ` Max Reitz
@ 2020-11-04 11:04 ` Klaus Jensen
2020-11-04 11:10 ` Max Reitz
0 siblings, 1 reply; 13+ messages in thread
From: Klaus Jensen @ 2020-11-04 11:04 UTC (permalink / raw)
To: Max Reitz
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, qemu-devel, Minwoo Im, Keith Busch
On Nov 4 11:59, Max Reitz wrote:
> On 04.11.20 11:22, Klaus Jensen wrote:
> > From: Klaus Jensen <k.jensen@samsung.com>
> >
> > Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
> > namespaces member of NvmeCtrl is no longer a dynamically allocated
> > array. Remove the free.
> >
> > Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
> > Reported-by: Coverity (CID 1436131)
> > Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> > ---
> > hw/block/nvme.c | 1 -
> > 1 file changed, 1 deletion(-)
>
> Thanks! :)
>
> Reviewed-by: Max Reitz <mreitz@redhat.com>
>
Will Peter pick up fixes like this directly so we don't have to go
through a pull request from nvme-next?
Did I correctly annotate with "for-5.2"? :)
* Re: [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace
2020-11-04 10:22 ` [PATCH for-5.2 1/3] hw/block/nvme: fix null ns in register namespace Klaus Jensen
2020-11-04 10:57 ` Max Reitz
@ 2020-11-04 11:08 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-04 11:08 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Minwoo Im, Keith Busch
On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Fix dereference after NULL check.
>
> Reported-by: Coverity (CID 1436128)
> Fixes: b20804946bce ("hw/block/nvme: update nsid when registered")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index fa2cba744b57..080d782f1c2b 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -2562,8 +2562,7 @@ int nvme_register_namespace(NvmeCtrl *n, NvmeNamespace *ns, Error **errp)
>
> if (!nsid) {
> for (int i = 1; i <= n->num_namespaces; i++) {
> - NvmeNamespace *ns = nvme_ns(n, i);
> - if (!ns) {
> + if (!nvme_ns(n, i)) {
> nsid = ns->params.nsid = i;
Uh.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> break;
> }
>
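Review bot: in the `for (int i = 1; i <= n->num_namespaces; i++)` loop, nothing in the visible lines covers the case where every slot is occupied: no iteration takes the `!nvme_ns(n, i)` branch and `nsid` stays 0. Worth confirming that the code after the loop reports an error through `errp` in that case rather than carrying on with an nsid of 0.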
* Re: [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member
2020-11-04 10:22 ` [PATCH for-5.2 2/3] hw/block/nvme: fix uint16_t use of uint32_t sgls member Klaus Jensen
2020-11-04 10:58 ` Max Reitz
@ 2020-11-04 11:09 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-11-04 11:09 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Max Reitz, Minwoo Im, Keith Busch
On 11/4/20 11:22 AM, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
> uint16_t.
>
> Reported-by: Coverity (CID 1436129)
> Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
> ---
> hw/block/nvme.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index 080d782f1c2b..2bdc50eb6fce 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -452,7 +452,7 @@ static uint16_t nvme_map_sgl_data(NvmeCtrl *n, QEMUSGList *qsg,
> * segments and/or descriptors. The controller might accept
> * ignoring the rest of the SGL.
> */
> - uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);
> + uint32_t sgls = le32_to_cpu(n->id_ctrl.sgls);
> if (sgls & NVME_CTRL_SGLS_EXCESS_LENGTH) {
I'm surprised the compiler doesn't warn here.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> break;
> }
>
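Review bot: the removed `uint16_t sgls = le16_to_cpu(n->id_ctrl.sgls);` narrowed the 32-bit field implicitly, and GCC and Clang only diagnose that under `-Wconversion`, which neither `-Wall` nor `-Wextra` enables. With the 16-bit local, any flag defined above bit 15 could never match in `sgls & NVME_CTRL_SGLS_EXCESS_LENGTH`, and the 16-bit byte swap was applied to an already truncated value. A compile-time assertion on the width of the `sgls` field next to the mask definitions would keep the two from drifting apart again.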
* Re: [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value
2020-11-04 11:04 ` Klaus Jensen
@ 2020-11-04 11:10 ` Max Reitz
0 siblings, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 11:10 UTC (permalink / raw)
To: Klaus Jensen
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, qemu-devel, Minwoo Im, Keith Busch
On 04.11.20 12:04, Klaus Jensen wrote:
> On Nov 4 11:59, Max Reitz wrote:
>> On 04.11.20 11:22, Klaus Jensen wrote:
>>> From: Klaus Jensen <k.jensen@samsung.com>
>>>
>>> Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
>>> namespaces member of NvmeCtrl is no longer a dynamically allocated
>>> array. Remove the free.
>>>
>>> Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
>>> Reported-by: Coverity (CID 1436131)
>>> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
>>> ---
>>> hw/block/nvme.c | 1 -
>>> 1 file changed, 1 deletion(-)
>>
>> Thanks! :)
>>
>> Reviewed-by: Max Reitz <mreitz@redhat.com>
>>
>
> Will Peter pick up fixes like this directly so we don't have to go
> through a pull request from nvme-next?
AFAIA, Peter only picks up build fixes. Since the build wasn’t broken,
I think someone™ will have to send a pull request...
I understand you don’t necessarily want to be that someone, so I suppose
I might as well.
> Did I correctly annotate with "for-5.2"? :)
Yes!
Max
* Re: [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes
2020-11-04 10:22 [PATCH for-5.2 0/3] hw/block/nvme: coverity fixes Klaus Jensen
` (2 preceding siblings ...)
2020-11-04 10:22 ` [PATCH for-5.2 3/3] hw/block/nvme: fix free of array-typed value Klaus Jensen
@ 2020-11-04 11:11 ` Max Reitz
3 siblings, 0 replies; 13+ messages in thread
From: Max Reitz @ 2020-11-04 11:11 UTC (permalink / raw)
To: Klaus Jensen, qemu-devel
Cc: Kevin Wolf, Peter Maydell, qemu-block, Dmitry Fomichev,
Klaus Jensen, Minwoo Im, Keith Busch
On 04.11.20 11:22, Klaus Jensen wrote:
> From: Klaus Jensen <k.jensen@samsung.com>
>
> Fix three issues reported by coverity (CIDs 1436128, 1436129 and
> 1436131).
>
> Klaus Jensen (3):
> hw/block/nvme: fix null ns in register namespace
> hw/block/nvme: fix uint16_t use of uint32_t sgls member
> hw/block/nvme: fix free of array-typed value
>
> hw/block/nvme.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
Thanks again, applied to my block branch:
https://git.xanclic.moe/XanClic/qemu/commits/branch/block
Max