[libvirt] [PATCH] pci: initialize virtual_functions array pointer to avoid segfault
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=971325 The problem was that if virPCIGetVirtualFunctions was given the name of a non-existent interface, it would return to its caller without initializing the pointer to the array of virtual functions to NULL, and the caller (virNetDevGetVirtualFunctions) would try to VIR_FREE() the invalid pointer. The final error message before the crash would be: virPCIGetVirtualFunctions:2088 : Failed to open dir '/sys/class/net/eth2/device': No such file or directory In this patch I move the initialization in virPCIGetVirtualFunctions() to the begining of the function, and also do an explicit initialization in virNetDevGetVirtualFunctions, just in case someone in the future adds code into that function prior to the call to virPCIGetVirtualFunctions. --- src/util/virnetdev.c | 3 +++ src/util/virpci.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index ebe20d0..5e8dffb 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1100,6 +1100,9 @@ virNetDevGetVirtualFunctions(const char *pfname, char *pci_sysfs_device_link = NULL; char *pciConfigAddr = NULL; + *virt_fns = NULL; + *n_vfname = 0; + if (virNetDevSysfsFile(&pf_sysfs_device_link, pfname, "device") < 0) return ret; diff --git a/src/util/virpci.c b/src/util/virpci.c index 2acab1a..15de3f9 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -2449,6 +2449,9 @@ virPCIGetVirtualFunctions(const char *sysfs_path, VIR_DEBUG("Attempting to get SR IOV virtual functions for device" "with sysfs path '%s'", sysfs_path); + *virtual_functions = NULL; + *num_virtual_functions = 0; + dir = opendir(sysfs_path); if (dir == NULL) { memset(errbuf, '\0', sizeof(errbuf)); @@ -2458,8 +2461,6 @@ virPCIGetVirtualFunctions(const char *sysfs_path, return ret; } - *virtual_functions = NULL; - *num_virtual_functions = 0; while ((entry = readdir(dir))) { if (STRPREFIX(entry->d_name, "virtfn")) { virPCIDeviceAddress *config_addr = NULL; -- 1.7.11.7
On Mon, Jul 01, 2013 at 12:01:28AM -0400, Laine Stump wrote:
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=971325
The problem was that if virPCIGetVirtualFunctions was given the name of a non-existent interface, it would return to its caller without initializing the pointer to the array of virtual functions to NULL, and the caller (virNetDevGetVirtualFunctions) would try to VIR_FREE() the invalid pointer.
The final error message before the crash would be:
virPCIGetVirtualFunctions:2088 : Failed to open dir '/sys/class/net/eth2/device': No such file or directory
In this patch I move the initialization in virPCIGetVirtualFunctions() to the begining of the function, and also do an explicit initialization in virNetDevGetVirtualFunctions, just in case someone in the future adds code into that function prior to the call to virPCIGetVirtualFunctions. --- src/util/virnetdev.c | 3 +++ src/util/virpci.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index ebe20d0..5e8dffb 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1100,6 +1100,9 @@ virNetDevGetVirtualFunctions(const char *pfname, char *pci_sysfs_device_link = NULL; char *pciConfigAddr = NULL;
+ *virt_fns = NULL; + *n_vfname = 0; + if (virNetDevSysfsFile(&pf_sysfs_device_link, pfname, "device") < 0) return ret;
diff --git a/src/util/virpci.c b/src/util/virpci.c index 2acab1a..15de3f9 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -2449,6 +2449,9 @@ virPCIGetVirtualFunctions(const char *sysfs_path, VIR_DEBUG("Attempting to get SR IOV virtual functions for device" "with sysfs path '%s'", sysfs_path);
+ *virtual_functions = NULL; + *num_virtual_functions = 0; + dir = opendir(sysfs_path); if (dir == NULL) { memset(errbuf, '\0', sizeof(errbuf)); @@ -2458,8 +2461,6 @@ virPCIGetVirtualFunctions(const char *sysfs_path, return ret; }
- *virtual_functions = NULL; - *num_virtual_functions = 0; while ((entry = readdir(dir))) { if (STRPREFIX(entry->d_name, "virtfn")) { virPCIDeviceAddress *config_addr = NULL; -- 1.7.11.7
ACK, Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/
On 07/01/2013 12:21 AM, Daniel Veillard wrote:
On Mon, Jul 01, 2013 at 12:01:28AM -0400, Laine Stump wrote:
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=971325
The problem was that if virPCIGetVirtualFunctions was given the name of a non-existent interface, it would return to its caller without initializing the pointer to the array of virtual functions to NULL, and the caller (virNetDevGetVirtualFunctions) would try to VIR_FREE() the invalid pointer.
The final error message before the crash would be:
virPCIGetVirtualFunctions:2088 : Failed to open dir '/sys/class/net/eth2/device': No such file or directory
In this patch I move the initialization in virPCIGetVirtualFunctions() to the begining of the function, and also do an explicit initialization in virNetDevGetVirtualFunctions, just in case someone in the future adds code into that function prior to the call to virPCIGetVirtualFunctions. --- src/util/virnetdev.c | 3 +++ src/util/virpci.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index ebe20d0..5e8dffb 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1100,6 +1100,9 @@ virNetDevGetVirtualFunctions(const char *pfname, char *pci_sysfs_device_link = NULL; char *pciConfigAddr = NULL;
+ *virt_fns = NULL; + *n_vfname = 0; + if (virNetDevSysfsFile(&pf_sysfs_device_link, pfname, "device") < 0) return ret;
diff --git a/src/util/virpci.c b/src/util/virpci.c index 2acab1a..15de3f9 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -2449,6 +2449,9 @@ virPCIGetVirtualFunctions(const char *sysfs_path, VIR_DEBUG("Attempting to get SR IOV virtual functions for device" "with sysfs path '%s'", sysfs_path);
+ *virtual_functions = NULL; + *num_virtual_functions = 0; + dir = opendir(sysfs_path); if (dir == NULL) { memset(errbuf, '\0', sizeof(errbuf)); @@ -2458,8 +2461,6 @@ virPCIGetVirtualFunctions(const char *sysfs_path, return ret; }
- *virtual_functions = NULL; - *num_virtual_functions = 0; while ((entry = readdir(dir))) { if (STRPREFIX(entry->d_name, "virtfn")) { virPCIDeviceAddress *config_addr = NULL; -- 1.7.11.7 ACK,
Pushed. Thanks!
participants (2)
-
Daniel Veillard -
Laine Stump