[PATCH 1/3] dm: fix NULL pointer dereference risk in vhost vsock
Yonghua Huang
From: Yonghua Huang <yonghua.huang@...>
Pointer 'vsock->vhost_vsock' returned from call to function 'vhost_vsock_init' may be NULL and will be dereferenced when calling 'vhost_vsock_set_guest_cid()'. Signed-off-by: Yonghua Huang <yonghua.huang@...> --- devicemodel/hw/pci/virtio/vhost_vsock.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/devicemodel/hw/pci/virtio/vhost_vsock.c b/devicemodel/hw/pci/virtio/vhost_vsock.c index 563505c25..4892ab3d8 100644 --- a/devicemodel/hw/pci/virtio/vhost_vsock.c +++ b/devicemodel/hw/pci/virtio/vhost_vsock.c @@ -239,6 +239,7 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts) pthread_mutexattr_t attr; char *devopts = NULL; char *tmp = NULL; + struct vhost_vsock *vhost_vsock; if (opts == NULL) { pr_err(("vsock: must have a valid guest_cid.\n")); @@ -296,16 +297,18 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts) pci_set_cfgdata16(dev, PCIR_REVID, 1); virtio_set_modern_bar(&vsock->base, false); - - vsock->vhost_vsock = vhost_vsock_init(&vsock->base, 0); + vhost_vsock = vhost_vsock_init(&vsock->base, 0); + if (!vhost_vsock) { + pr_err("vhost vosck init failed."); + free(vsock); + return -1; + } + vsock->vhost_vsock = vhost_vsock; vhost_vsock_set_guest_cid(&vsock->vhost_vsock->vdev, vsock->config.guest_cid); if (virtio_interrupt_init(&vsock->base, virtio_uses_msix())) { - if (vsock) { - if (vsock->vhost_vsock) - vhost_vsock_deinit(vsock->vhost_vsock); - free(vsock); - } + vhost_vsock_deinit(vsock->vhost_vsock); + free(vsock); return -1; } return 0; -- 2.25.1 |
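Review bot: The failure message added in the second hunk, `pr_err("vhost vosck init failed.");`, misspells "vsock" and has no trailing newline, unlike the `pr_err` call visible in the first hunk's context. Something like `pr_err("vsock: vhost_vsock_init failed.\n");` would keep it greppable alongside the other vsock errors. The new early return releases only `vsock` via `free(vsock)`. The function declares `pthread_mutexattr_t attr`, `devopts` and `tmp` before this point, so if a mutex was initialised or an option string duplicated earlier (not visible in the hunk), this path and the `virtio_interrupt_init` failure path should release those too before returning -1. `virtio_vhost_vsock_init` starts before and continues after the hunk, so the cleanup needs checking against the full function.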
Long Liu
-----Original Message-----
From: acrn-dev@... <acrn-dev@...> On Behalf Of Yonghua Huang Sent: Monday, November 14, 2022 3:58 PM To: acrn-dev@... Subject: [acrn-dev] [PATCH 1/3] dm: fix NULL pointer dereference risk in vhost vsock From: Yonghua Huang <yonghua.huang@...> Pointer 'vsock->vhost_vsock' returned from call to function 'vhost_vsock_init' may be NULL and will be dereferenced when calling 'vhost_vsock_set_guest_cid()'. Signed-off-by: Yonghua Huang <yonghua.huang@...> --- devicemodel/hw/pci/virtio/vhost_vsock.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/devicemodel/hw/pci/virtio/vhost_vsock.c b/devicemodel/hw/pci/virtio/vhost_vsock.c index 563505c25..4892ab3d8 100644 --- a/devicemodel/hw/pci/virtio/vhost_vsock.c +++ b/devicemodel/hw/pci/virtio/vhost_vsock.c @@ -239,6 +239,7 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts) pthread_mutexattr_t attr; char *devopts = NULL; char *tmp = NULL; + struct vhost_vsock *vhost_vsock; if (opts == NULL) { pr_err(("vsock: must have a valid guest_cid.\n")); @@ -296,16 +297,18 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts) pci_set_cfgdata16(dev, PCIR_REVID, 1); virtio_set_modern_bar(&vsock->base, false); - - vsock->vhost_vsock = vhost_vsock_init(&vsock->base, 0); + vhost_vsock = vhost_vsock_init(&vsock->base, 0); + if (!vhost_vsock) { + pr_err("vhost vosck init failed."); + free(vsock); + return -1; + } + vsock->vhost_vsock = vhost_vsock; vhost_vsock_set_guest_cid(&vsock->vhost_vsock->vdev, vsock->config.guest_cid); if (virtio_interrupt_init(&vsock->base, virtio_uses_msix())) { - if (vsock) { - if (vsock->vhost_vsock) - vhost_vsock_deinit(vsock->vhost_vsock); - free(vsock); - } + vhost_vsock_deinit(vsock->vhost_vsock); + free(vsock); return -1; } return 0; -- 2.25.1 |
Long Liu
-----Original Message-----
From: acrn-dev@... <acrn-dev@...> On Behalf Of Yonghua Huang Sent: Monday, November 14, 2022 3:58 PM To: acrn-dev@... Subject: [acrn-dev] [PATCH 1/3] dm: fix NULL pointer dereference risk in vhost vsock From: Yonghua Huang <yonghua.huang@...> Pointer 'vsock->vhost_vsock' returned from call to function 'vhost_vsock_init' may be NULL and will be dereferenced when calling 'vhost_vsock_set_guest_cid()'. Signed-off-by: Yonghua Huang <yonghua.huang@...> [Long:] Reviewed-by: Liu Long <long.liu@...> --- devicemodel/hw/pci/virtio/vhost_vsock.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/devicemodel/hw/pci/virtio/vhost_vsock.c b/devicemodel/hw/pci/virtio/vhost_vsock.c index 563505c25..4892ab3d8 100644 --- a/devicemodel/hw/pci/virtio/vhost_vsock.c +++ b/devicemodel/hw/pci/virtio/vhost_vsock.c @@ -239,6 +239,7 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts) pthread_mutexattr_t attr; char *devopts = NULL; char *tmp = NULL; + struct vhost_vsock *vhost_vsock; if (opts == NULL) { pr_err(("vsock: must have a valid guest_cid.\n")); @@ -296,16 +297,18 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts) pci_set_cfgdata16(dev, PCIR_REVID, 1); virtio_set_modern_bar(&vsock->base, false); - - vsock->vhost_vsock = vhost_vsock_init(&vsock->base, 0); + vhost_vsock = vhost_vsock_init(&vsock->base, 0); + if (!vhost_vsock) { + pr_err("vhost vosck init failed."); + free(vsock); + return -1; + } + vsock->vhost_vsock = vhost_vsock; vhost_vsock_set_guest_cid(&vsock->vhost_vsock->vdev, vsock->config.guest_cid); if (virtio_interrupt_init(&vsock->base, virtio_uses_msix())) { - if (vsock) { - if (vsock->vhost_vsock) - vhost_vsock_deinit(vsock->vhost_vsock); - free(vsock); - } + vhost_vsock_deinit(vsock->vhost_vsock); + free(vsock); return -1; } return 0; -- 2.25.1 |
Yonghua Huang
Thanks Long😊
-Yonghua -----Original Message----- |