qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] hw/virtio/vhost-user: avoid using unitialized errp

From: Albert Esteve
Subject: Re: [PATCH] hw/virtio/vhost-user: avoid using unitialized errp
Date: Thu, 2 Mar 2023 13:31:33 +0100
Hi,

I found the issue by chance, while working in not-yet-upstreamed virtio code. I am not sure if there is any QEMU stub currently
upstreamed that does not support an F_CONFIG backend, to be able to trigger the error. It may as well be that this branch
of the condition is never executed.

Nonetheless, the segfault can be triggered using the tests/qtest/vhost-user-test, e.g., with the virtio-gpio device. 
We can force the QEMU side to go into the else part of the supports_f_config by applying this patch:
diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c
index fe3da32c74..23634e74ce 100644
--- a/hw/virtio/vhost-user-gpio.c
+++ b/hw/virtio/vhost-user-gpio.c
@@ -226,8 +226,8 @@ static int vu_gpio_connect(DeviceState *dev, Error **errp)
     }
     gpio->connected = true;
 
-    vhost_dev_set_config_notifier(vhost_dev, &gpio_ops);
-    gpio->vhost_user.supports_config = true;
+    //vhost_dev_set_config_notifier(vhost_dev, &gpio_ops);
+    gpio->vhost_user.supports_config = false;
 
     ret = vhost_dev_init(vhost_dev, &gpio->vhost_user,
                          VHOST_BACKEND_TYPE_USER, 0, errp);

Without the patch the test would cause the segfault. Otherwise, it prints the warning and fails afterwards.

I couldn't find a good way to properly cover this in a test, but I can try, and add it to this patch if anyone has a suggestion.

BR,
Albert Esteve

On Thu, Mar 2, 2023 at 1:17 PM Albert Esteve <aesteve@redhat.com> wrote:
During protocol negotiation, when we the QEMU
stub does not support a backend with F_CONFIG,
it throws a warning and supresses the
VHOST_USER_PROTOCOL_F_CONFIG bit.

However, the warning uses warn_reportf_err macro
and passes an unitialized errp pointer. However,
the macro tries to edit the 'msg' member of the
unitialized Error and segfaults.

Instead, just use warn_report, which prints a
warning message directly to the output.

Fixes: 5653493 ("hw/virtio/vhost-user: don't suppress F_CONFIG when supported")
Signed-off-by: Albert Esteve <aesteve@redhat.com>
---
 hw/virtio/vhost-user.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index e68daa35d4..34c331b3ba 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -2031,8 +2031,8 @@ static int vhost_user_backend_init(struct vhost_dev *dev, void *opaque,
         } else {
             if (virtio_has_feature(protocol_features,
                                    VHOST_USER_PROTOCOL_F_CONFIG)) {
-                warn_reportf_err(*errp, "vhost-user backend supports "
-                                 "VHOST_USER_PROTOCOL_F_CONFIG but QEMU does not.");
+                warn_report("vhost-user backend supports "
+                            "VHOST_USER_PROTOCOL_F_CONFIG but QEMU does not.");
                 protocol_features &= ~(1ULL << VHOST_USER_PROTOCOL_F_CONFIG);
             }
         }
--
2.39.1

reply via email to
[Prev in Thread] Current Thread [Next in Thread]