[PULL 15/16] vfio/pci: Fix a segfault in vfio

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 15/16] vfio/pci: Fix a segfault in vfio_realize

From:	Cédric Le Goater
Subject:	[PULL 15/16] vfio/pci: Fix a segfault in vfio_realize
Date:	Fri, 30 Jun 2023 07:22:34 +0200

From: Zhenzhong Duan <zhenzhong.duan@intel.com>

The kvm irqchip notifier is only registered if the device supports
INTx, however it's unconditionally removed in vfio realize error
path. If the assigned device does not support INTx, this will cause
QEMU to crash when vfio realize fails. Change it to conditionally
remove the notifier only if the notify hook is setup.

Before fix:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,xres=1
Connection closed by foreign host.

After fix:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,xres=1
Error: vfio 0000:81:11.1: xres and yres properties require display=on
(qemu)

Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/vfio/pci.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 73e19a04b2bf..48df517f79ee 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3221,7 +3221,9 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
 
 out_deregister:
     pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
-    kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
+    if (vdev->irqchip_change_notifier.notify) {
+        kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
+    }
 out_teardown:
     vfio_teardown_msi(vdev);
     vfio_bars_exit(vdev);
-- 
2.41.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 06/16] vfio/migration: Store VFIO migration flags in VFIOMigration, (continued)
- [PULL 06/16] vfio/migration: Store VFIO migration flags in VFIOMigration, Cédric Le Goater, 2023/06/30
- [PULL 04/16] tests: Add migration switchover ack capability test, Cédric Le Goater, 2023/06/30
- [PULL 07/16] vfio/migration: Add VFIO migration pre-copy support, Cédric Le Goater, 2023/06/30
- [PULL 08/16] vfio/migration: Add support for switchover ack capability, Cédric Le Goater, 2023/06/30
- [PULL 14/16] MAINTAINERS: Promote Cédric to VFIO co-maintainer, Cédric Le Goater, 2023/06/30
- [PULL 10/16] hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques, Cédric Le Goater, 2023/06/30
- [PULL 11/16] vfio/pci: Call vfio_prepare_kvm_msi_virq_batch() in MSI retry path, Cédric Le Goater, 2023/06/30
- [PULL 09/16] vfio: Implement a common device info helper, Cédric Le Goater, 2023/06/30
- [PULL 12/16] vfio/migration: Reset bytes_transferred properly, Cédric Le Goater, 2023/06/30
- [PULL 13/16] vfio/migration: Make VFIO migration non-experimental, Cédric Le Goater, 2023/06/30
- [PULL 15/16] vfio/pci: Fix a segfault in vfio_realize, Cédric Le Goater <=
- [PULL 16/16] vfio/pci: Free leaked timer in vfio_realize error path, Cédric Le Goater, 2023/06/30
- Re: [PULL 00/16] vfio queue, Richard Henderson, 2023/06/30

Prev by Date: [PULL 13/16] vfio/migration: Make VFIO migration non-experimental
Next by Date: [PULL 16/16] vfio/pci: Free leaked timer in vfio_realize error path
Previous by thread: [PULL 13/16] vfio/migration: Make VFIO migration non-experimental
Next by thread: [PULL 16/16] vfio/pci: Free leaked timer in vfio_realize error path
Index(es):
- Date
- Thread