Re: [PATCH 01/16] vfio/display: Fix error path in call site of ramfb_setup()

2024-05-21 Thread Cédric Le Goater

On 5/15/24 10:20, Zhenzhong Duan wrote:

vfio_display_dmabuf_init() and vfio_display_region_init() call
ramfb_setup() without checking its return value.

So we may run into a situation where vfio_display_probe() succeeds
but errp is set. This is risky and may lead to an assert failure in
error_setv().

Cc: Gerd Hoffmann 
Fixes: b290659fc3d ("hw/vfio/display: add ramfb support")
Signed-off-by: Zhenzhong Duan 


Reviewed-by: Cédric Le Goater 

Thanks,

C.



---
  hw/vfio/display.c | 6 ++
  1 file changed, 6 insertions(+)

diff --git a/hw/vfio/display.c b/hw/vfio/display.c
index 1aa440c663..57c5ae0b2a 100644
--- a/hw/vfio/display.c
+++ b/hw/vfio/display.c
@@ -359,6 +359,9 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, 
Error **errp)
vdev);
  if (vdev->enable_ramfb) {
  vdev->dpy->ramfb = ramfb_setup(errp);
+if (!vdev->dpy->ramfb) {
+return -EINVAL;
+}
  }
  vfio_display_edid_init(vdev);
  return 0;
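Review bot: The new `if (!vdev->dpy->ramfb)` branch in vfio_display_dmabuf_init() returns -EINVAL on the assumption that ramfb_setup() has filled in errp whenever it returns NULL. If any NULL return can leave errp unset, the caller sees a failure with no error message attached. Please confirm that contract holds for every failure path of ramfb_setup(), or state it in the commit message so the check's reliance on it is documented.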
@@ -486,6 +489,9 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, 
Error **errp)
vdev);
  if (vdev->enable_ramfb) {
  vdev->dpy->ramfb = ramfb_setup(errp);
+if (!vdev->dpy->ramfb) {
+return -EINVAL;
+}
  }
  return 0;
  }
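Review bot: The check added in vfio_display_region_init() is a line-for-line copy of the one added in vfio_display_dmabuf_init(). A small static helper that calls ramfb_setup(errp), stores the result in vdev->dpy->ramfb and returns the status would keep the two call sites from drifting apart if the error handling changes again.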





[PATCH 01/16] vfio/display: Fix error path in call site of ramfb_setup()

2024-05-15 Thread Zhenzhong Duan
vfio_display_dmabuf_init() and vfio_display_region_init() call
ramfb_setup() without checking its return value.

So we may run into a situation where vfio_display_probe() succeeds
but errp is set. This is risky and may lead to an assert failure in
error_setv().

Cc: Gerd Hoffmann 
Fixes: b290659fc3d ("hw/vfio/display: add ramfb support")
Signed-off-by: Zhenzhong Duan 
---
 hw/vfio/display.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/hw/vfio/display.c b/hw/vfio/display.c
index 1aa440c663..57c5ae0b2a 100644
--- a/hw/vfio/display.c
+++ b/hw/vfio/display.c
@@ -359,6 +359,9 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, 
Error **errp)
   vdev);
 if (vdev->enable_ramfb) {
 vdev->dpy->ramfb = ramfb_setup(errp);
+if (!vdev->dpy->ramfb) {
+return -EINVAL;
+}
 }
 vfio_display_edid_init(vdev);
 return 0;
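Review bot: The early `return -EINVAL;` in vfio_display_dmabuf_init() leaves the function after the preceding call (the one ending in `vdev);`) has already run and before vfio_display_edid_init(), and nothing in the hunk undoes that earlier setup. Either release it on this path or say in the commit message that the caller's failure handling tears down vdev->dpy, so the partially initialised display state is not left behind unintentionally.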
@@ -486,6 +489,9 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, 
Error **errp)
   vdev);
 if (vdev->enable_ramfb) {
 vdev->dpy->ramfb = ramfb_setup(errp);
+if (!vdev->dpy->ramfb) {
+return -EINVAL;
+}
 }
 return 0;
 }
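Review bot: In vfio_display_region_init() the failure detail travels in errp, while the int return is a fixed -EINVAL that says nothing about why ramfb_setup() failed. That is fine if callers only test for non-zero, but it would help to note in the commit message that the return code is not meant to be interpreted, so nobody later reports it as the cause instead of the errp message.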
-- 
2.34.1