diff mbox series

kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()

Message ID 1548859760-10654-1-git-send-email-liam.merwick@oracle.com (mailing list archive)
State New, archived
Headers show
Series kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu() | expand

Commit Message

Liam Merwick Jan. 30, 2019, 2:49 p.m. UTC 
From: Liam Merwick <Liam.Merwick@oracle.com>

In kvm_arch_init_vcpu() a call to cpuid_find_entry() can return
NULL so the pointer returned should be checked before dereferencing it.

Reported by the Parfait static code analysis tool

Signed-off-by: Liam Merwick <Liam.Merwick@oracle.com>
---
 target/i386/kvm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Paolo Bonzini Jan. 30, 2019, 3:20 p.m. UTC | #1 
On 30/01/19 15:49, Liam Merwick wrote:
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index 9af4542fb8a8..89fac4a5576c 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -1308,7 +1308,9 @@ int kvm_arch_init_vcpu(CPUState *cs)
>          c->ecx = c->edx = 0;
>  
>          c = cpuid_find_entry(&cpuid_data.cpuid, kvm_base, 0);
> -        c->eax = MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10);
> +        if (c) {
> +            c->eax = MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10);
> +	}
>      }
>  
>      cpuid_data.cpuid.nent = cpuid_i;
> -- 1.8.3.1

That cannot happen, the line is inside "if (cpu->expose_kvm)" which in
turn has added that CPUID entry to cpuid_data.

Thanks,

Paolo
no-reply@patchew.org Jan. 31, 2019, 6:01 p.m. UTC | #2 
Patchew URL: https://patchew.org/QEMU/1548859760-10654-1-git-send-email-liam.merwick@oracle.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH] kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()
Type: series
Message-id: 1548859760-10654-1-git-send-email-liam.merwick@oracle.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
f01539b22b kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()

=== OUTPUT BEGIN ===
ERROR: code indent should never use tabs
#26: FILE: target/i386/kvm.c:1313:
+^I}$

total: 1 errors, 0 warnings, 10 lines checked

Commit f01539b22bda (kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()) has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/1548859760-10654-1-git-send-email-liam.merwick@oracle.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
diff mbox series

Patch

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 9af4542fb8a8..89fac4a5576c 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1308,7 +1308,9 @@  int kvm_arch_init_vcpu(CPUState *cs)
         c->ecx = c->edx = 0;
 
         c = cpuid_find_entry(&cpuid_data.cpuid, kvm_base, 0);
-        c->eax = MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10);
+        if (c) {
+            c->eax = MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10);
+	}
     }
 
     cpuid_data.cpuid.nent = cpuid_i;