From: Peter Maydell <peter.mayd...@linaro.org> Check the return status of the xen_host_pci_get_* functions we call in xen_pt_msix_init(), and fail device init if the reads failed rather than ploughing ahead. (Spotted by Coverity: CID 777338.)
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> Reviewed-by: Stefano Stabellini <sstabell...@kernel.org> Signed-off-by: Stefano Stabellini <sstabell...@kernel.org> --- hw/xen/xen_pt_msi.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c index 62add06..ff9a79f 100644 --- a/hw/xen/xen_pt_msi.c +++ b/hw/xen/xen_pt_msi.c @@ -535,7 +535,11 @@ int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base) return -1; } - xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control); + rc = xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control); + if (rc) { + XEN_PT_ERR(d, "Failed to read PCI_MSIX_FLAGS field\n"); + return rc; + } total_entries = control & PCI_MSIX_FLAGS_QSIZE; total_entries += 1; @@ -554,7 +558,11 @@ int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base) + XC_PAGE_SIZE - 1) & XC_PAGE_MASK); - xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off); + rc = xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off); + if (rc) { + XEN_PT_ERR(d, "Failed to read PCI_MSIX_TABLE field\n"); + goto error_out; + } bar_index = msix->bar_index = table_off & PCI_MSIX_FLAGS_BIRMASK; table_off = table_off & ~PCI_MSIX_FLAGS_BIRMASK; msix->table_base = s->real_device.io_regions[bar_index].base_addr; -- 1.9.1