diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2017-07-27 10:49:05 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2017-07-27 10:49:05 +0100 |
| commit | 6be37cc583454ee27587a79b6008e22c3cc1a763 (patch) | |
| tree | 8967f9d863ca9c0d3cc9fb0c9a9d781930bdc4de | |
| parent | 2dca6d9e7eb4fb25f1e41024ca20515b38bc8635 (diff) | |
| parent | 96d2c2c57452f8b6bc3decae71435e7230f3432e (diff) | |
| download | focaccia-qemu-6be37cc583454ee27587a79b6008e22c3cc1a763.tar.gz focaccia-qemu-6be37cc583454ee27587a79b6008e22c3cc1a763.zip | |
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20170726.0' into staging
VFIO fixes 2017-07-26 - Error path use after free bug fixes (Philippe Mathieu-Daudé) # gpg: Signature made Wed 26 Jul 2017 18:49:00 BST # gpg: using RSA key 0x239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" # gpg: aka "Alex Williamson <alex@shazbot.org>" # gpg: aka "Alex Williamson <alwillia@redhat.com>" # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-fixes-20170726.0: vfio/pci: fix use of freed memory vfio/platform: fix use of freed memory Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to '')
| -rw-r--r-- | hw/vfio/pci.c | 11 | ||||
| -rw-r--r-- | hw/vfio/platform.c | 2 |
2 files changed, 8 insertions, 5 deletions
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index d4051cb951..31e1edf447 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -257,7 +257,7 @@ static void vfio_intx_update(PCIDevice *pdev) static int vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp) { uint8_t pin = vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1); - int ret, argsz; + int ret, argsz, retval = 0; struct vfio_irq_set *irq_set; int32_t *pfd; Error *err = NULL; @@ -302,12 +302,12 @@ static int vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp) qemu_set_fd_handler(*pfd, vfio_intx_interrupt, NULL, vdev); ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_SET_IRQS, irq_set); - g_free(irq_set); if (ret) { error_setg_errno(errp, -ret, "failed to setup INTx fd"); qemu_set_fd_handler(*pfd, NULL, NULL, vdev); event_notifier_cleanup(&vdev->intx.interrupt); - return -errno; + retval = -errno; + goto cleanup; } vfio_intx_enable_kvm(vdev, &err); @@ -319,7 +319,10 @@ static int vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp) trace_vfio_intx_enable(vdev->vbasedev.name); - return 0; +cleanup: + g_free(irq_set); + + return retval; } static void vfio_intx_disable(VFIOPCIDevice *vdev) diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c index 7c09deda61..da84abf4fc 100644 --- a/hw/vfio/platform.c +++ b/hw/vfio/platform.c @@ -120,11 +120,11 @@ static int vfio_set_trigger_eventfd(VFIOINTp *intp, *pfd = event_notifier_get_fd(intp->interrupt); qemu_set_fd_handler(*pfd, (IOHandler *)handler, NULL, intp); ret = ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, irq_set); - g_free(irq_set); if (ret < 0) { error_report("vfio: Failed to set trigger eventfd: %m"); qemu_set_fd_handler(*pfd, NULL, NULL, NULL); } + g_free(irq_set); return ret; } |