Message ID | 20240515082041.556571-2-zhenzhong.duan@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | VFIO: misc cleanups part2 |
On 5/15/24 10:20, Zhenzhong Duan wrote: > vfio_display_dmabuf_init() and vfio_display_region_init() calls > ramfb_setup() without checking its return value. > > So we may run into a situation that vfio_display_probe() succeed > but errp is set. This is risky and may lead to assert failure in > error_setv(). > > Cc: Gerd Hoffmann <kraxel@redhat.com> > Fixes: b290659fc3d ("hw/vfio/display: add ramfb support") > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Thanks, C. > --- > hw/vfio/display.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/hw/vfio/display.c b/hw/vfio/display.c > index 1aa440c663..57c5ae0b2a 100644 > --- a/hw/vfio/display.c > +++ b/hw/vfio/display.c > @@ -359,6 +359,9 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, Error **errp) > vdev); > if (vdev->enable_ramfb) { > vdev->dpy->ramfb = ramfb_setup(errp); > + if (!vdev->dpy->ramfb) { > + return -EINVAL; > + } > } > vfio_display_edid_init(vdev); > return 0; > @@ -486,6 +489,9 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, Error **errp) > vdev); > if (vdev->enable_ramfb) { > vdev->dpy->ramfb = ramfb_setup(errp); > + if (!vdev->dpy->ramfb) { > + return -EINVAL; > + } > } > return 0; > }
diff --git a/hw/vfio/display.c b/hw/vfio/display.c index 1aa440c663..57c5ae0b2a 100644 --- a/hw/vfio/display.c +++ b/hw/vfio/display.c @@ -359,6 +359,9 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, Error **errp) vdev); if (vdev->enable_ramfb) { vdev->dpy->ramfb = ramfb_setup(errp); + if (!vdev->dpy->ramfb) { + return -EINVAL; + } } vfio_display_edid_init(vdev); return 0; @@ -486,6 +489,9 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, Error **errp) vdev); if (vdev->enable_ramfb) { vdev->dpy->ramfb = ramfb_setup(errp); + if (!vdev->dpy->ramfb) { + return -EINVAL; + } } return 0; }
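Review bot: in the first hunk (vfio_display_dmabuf_init), the new early return fires after vdev->dpy is already in use and after the call ending in "vdev);" has run, and the hunk shows no unwinding of that earlier setup. Please confirm that the caller's failure path releases whatever was set up before ramfb_setup() when this function returns -EINVAL, or mention it in the commit message. The return also skips vfio_display_edid_init(vdev), which looks intended but is worth stating.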
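Review bot: the check added in the second hunk (vfio_display_region_init) is a verbatim copy of the one in vfio_display_dmabuf_init, and both rely on an unstated contract that ramfb_setup() returns NULL exactly when it has set errp. A short comment at the call site, or a small helper shared by the two init functions, would document that contract and keep the two paths from drifting. The fixed -EINVAL is returned whatever the reason for the failure; that is fine if callers only test for a negative return and report errp, but it deserves a line in the commit message.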
vfio_display_dmabuf_init() and vfio_display_region_init() call
ramfb_setup() without checking its return value.

So we may run into a situation where vfio_display_probe() succeeds
but errp is set. This is risky and may lead to an assert failure in
error_setv().

Cc: Gerd Hoffmann <kraxel@redhat.com>
Fixes: b290659fc3d ("hw/vfio/display: add ramfb support")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 hw/vfio/display.c | 6 ++++++
 1 file changed, 6 insertions(+)