From: Liam Merwick
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Date: Fri, 19 Oct 2018 21:38:59 +0100
Subject: [Qemu-devel] [PATCH v4 1/8] configure: Provide option to explicitly disable AVX2

The configure script detects if the compiler has AVX2 support and automatically sets avx2_opt="yes" which in turn defines CONFIG_AVX2_OPT. There is no way of explicitly overriding this setting so this commit adds two command-line options: --enable-avx2 and --disable-avx2.

The default behaviour, when no option is specified, is to maintain the current behaviour and enable AVX2 if the compiler supports it.

Signed-off-by: Liam Merwick
Reviewed-by: Darren Kenny
Reviewed-by: Mark Kanda
---
 configure | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/configure b/configure index 9138af37f8a0..3a3e5f7004ce 100755 --- a/configure +++ b/configure @@ -428,7 +428,7 @@ usb_redir=3D"" opengl=3D"" opengl_dmabuf=3D"no" cpuid_h=3D"no" -avx2_opt=3D"no" +avx2_opt=3D"" zlib=3D"yes" capstone=3D"" lzo=3D"" @@ -1332,6 +1332,10 @@ for opt do ;; --disable-glusterfs) glusterfs=3D"no" ;; + --disable-avx2) avx2_opt=3D"no" + ;; + --enable-avx2) avx2_opt=3D"yes" + ;; --enable-glusterfs) glusterfs=3D"yes" ;; --disable-virtio-blk-data-plane|--enable-virtio-blk-data-plane) @@ -1706,6 +1710,7 @@ disabled with --disable-FEATURE, default is enabled i= f available: libxml2 for Parallels image format tcmalloc tcmalloc support jemalloc jemalloc support + avx2 AVX2 optimization support replication replication support vhost-vsock virtio sockets device support opengl opengl support @@ -5094,7 +5099,7 @@ fi # There is no point enabling this if cpuid.h is not usable, # since we won't be able to select the new routines. =20 -if test $cpuid_h =3D yes; then +if test "$cpuid_h" =3D "yes" -a "$avx2_opt" !=3D "no"; then cat > $TMPC << EOF #pragma GCC push_options #pragma GCC target("avx2") 
@@ -5108,6 +5113,8 @@ int main(int argc, char *argv[]) { return bar(argv[0]= ); } EOF if compile_object "" ; then avx2_opt=3D"yes" + else + avx2_opt=3D"no" fi fi =20 --=20 1.8.3.1
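
Review bot: In the last two hunks an explicit --enable-avx2 is never treated as a requirement. If compile_object fails, the new else branch silently rewrites avx2_opt to "no"; and if cpuid_h is not "yes" the whole probe is skipped, so avx2_opt keeps whatever it had before ("yes" from --enable-avx2, or the new empty default) without any compile check. Suggest recording that the user asked for the feature and stopping configure with an error when it cannot be provided, and setting avx2_opt="no" explicitly when the probe is skipped so that no later test sees an empty or unverified value. As a smaller style point on the same line, "test ... -a ..." is marked obsolescent by POSIX; two test commands joined with && are the portable form.
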
From: Liam Merwick
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Date: Fri, 19 Oct 2018 21:39:00 +0100
Subject: [Qemu-devel] [PATCH v4 2/8] job: Fix off-by-one assert checks for JobSTT and JobVerbTable

In the assert checking the array dereference of JobVerbTable[verb] in job_apply_verb() the check of the index, verb, allows an overrun because an index equal to the array size is permitted.

Similarly, in the assert check of JobSTT[s0][s1] with index s1 in job_state_transition(), an off-by-one overrun is not flagged either.

This is not a run-time issue as there are no callers actually passing in the max value.

Signed-off-by: Liam Merwick
Reviewed-by: Darren Kenny
Reviewed-by: Mark Kanda
Reviewed-by: Eric Blake
Reviewed-by: John Snow
---
 job.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/job.c b/job.c index c65e01bbfa34..da8e4b7bf2f3 100644 --- a/job.c +++ b/job.c @@ -159,7 +159,7 @@ bool job_is_internal(Job *job) static void job_state_transition(Job *job, JobStatus s1) { JobStatus s0 =3D job->status; - assert(s1 >=3D 0 && s1 <=3D JOB_STATUS__MAX); + assert(s1 >=3D 0 && s1 < JOB_STATUS__MAX); trace_job_state_transition(job, job->ret, JobSTT[s0][s1] ? "allowed" : "disallowed", JobStatus_str(s0), JobStatus_str(s1)); 
@@ -174,7 +174,7 @@ static void job_state_transition(Job *job, JobStatus s1) int job_apply_verb(Job *job, JobVerb verb, Error **errp) { JobStatus s0 =3D job->status; - assert(verb >=3D 0 && verb <=3D JOB_VERB__MAX); + assert(verb >=3D 0 && verb < JOB_VERB__MAX); trace_job_apply_verb(job, JobStatus_str(s0), JobVerb_str(verb), JobVerbTable[verb][s0] ? "allowed" : "prohibited"= ); if (JobVerbTable[verb][s0]) { --=20 1.8.3.1
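
Review bot: Both corrected asserts still leave s0 unchecked, although it is the other index in JobSTT[s0][s1] and JobVerbTable[verb][s0] and is read straight from job->status. Since the patch is tightening the bounds on exactly these lookups, consider adding assert(s0 >= 0 && s0 < JOB_STATUS__MAX) in job_state_transition() and job_apply_verb() before the trace call dereferences the table, so that both dimensions are covered. This assumes the status dimension of both tables is sized by JOB_STATUS__MAX, which the hunks do not show.
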
From: Liam Merwick
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Date: Fri, 19 Oct 2018 21:39:01 +0100
Subject: [Qemu-devel] [PATCH v4 3/8] block: Null pointer dereference in blk_root_get_parent_desc()

The dev_id returned by the call to blk_get_attached_dev_id() in blk_root_get_parent_desc() can be NULL (an internal call to object_get_canonical_path may have returned NULL).

Instead of just checking this case before dereferencing, adjust blk_get_attached_dev_id() to return the empty string if no object path can be found (similar to the case when blk->dev is NULL and an empty string is returned).

Signed-off-by: Liam Merwick
---
 block/block-backend.c | 6 +++++-
 dtc | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c index dc0cd5772413..e628920f3cd8 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -909,6 +909,7 @@ void *blk_get_attached_dev(BlockBackend *blk) char *blk_get_attached_dev_id(BlockBackend *blk) { DeviceState *dev; + char *dev_id; =20 assert(!blk->legacy_dev); dev =3D blk->dev; @@ -918,7 +919,10 @@ char *blk_get_attached_dev_id(BlockBackend *blk) } else if (dev->id) { return g_strdup(dev->id); } - return object_get_canonical_path(OBJECT(dev)); + + dev_id =3D object_get_canonical_path(OBJECT(dev)); + + return dev_id ? dev_id : g_strdup(""); } =20 /* diff --git a/dtc b/dtc index 88f18909db73..e54388015af1 160000 --- a/dtc +++ b/dtc 
@@ -1 +1 @@ -Subproject commit 88f18909db731a627456f26d779445f84e449536 +Subproject commit e54388015af1fb4bf04d0bca99caba1074d9cc42 --=20 1.8.3.1
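
Review bot: The dtc hunk moves the submodule pointer from 88f18909db73 to e54388015af1, which the commit message does not mention and which is unrelated to blk_get_attached_dev_id(); it looks like a locally updated submodule that was staged by accident and should be dropped from this patch. In the block-backend.c hunk, returning g_strdup("") keeps the result heap-allocated like the g_strdup(dev->id) branch above it, so callers can go on freeing it unconditionally; a one-line comment on the function stating that it never returns NULL would make that contract explicit.
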
From: Liam Merwick
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Date: Fri, 19 Oct 2018 21:39:02 +0100
Subject: [Qemu-devel] [PATCH v4 4/8] qemu-img: assert block_job_get() does not return NULL in img_commit()

Although the function block_job_get() can return NULL, it would be a serious bug if it did so (because the job yields before executing anything (if it started successfully); but otherwise, commit_active_start() would have returned an error). However, as a precaution, before dereferencing the 'job' pointer in img_commit() assert it is not NULL.

Signed-off-by: Liam Merwick
Reviewed-by: Max Reitz
---
 qemu-img.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu-img.c b/qemu-img.c index b12f4cd19b0a..457aa152296b 100644 --- a/qemu-img.c +++ b/qemu-img.c 
@@ -1029,6 +1029,7 @@ static int img_commit(int argc, char **argv) } =20 job =3D block_job_get("commit"); + assert(job); run_block_job(job, &local_err); if (local_err) { goto unref_backing; --=20 1.8.3.1
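
Review bot: The reason job cannot be NULL after block_job_get("commit") is given only in the commit message, so the bare assert(job) will look arbitrary to the next reader of img_commit(). Add a short comment above the assert saying that commit_active_start() has already succeeded at this point and the job has yielded before doing any work, so a NULL here can only be a programming error.
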
From: Liam Merwick
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Date: Fri, 19 Oct 2018 21:39:03 +0100
Subject: [Qemu-devel] [PATCH v4 5/8] block: Fix potential Null pointer dereferences in vvfat.c

The calls to find_mapping_for_cluster() may return NULL but it isn't always checked for before dereferencing the value returned. Additionally, add some asserts to cover cases where NULL can't be returned but which might not be obvious at first glance.

Signed-off-by: Liam Merwick
---
 block/vvfat.c | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/block/vvfat.c b/block/vvfat.c index fc41841a5c3c..19f6725054a0 100644 --- a/block/vvfat.c +++ b/block/vvfat.c 
@@ -100,6 +100,7 @@ static inline void array_free(array_t* array) /* does not automatically grow */ static inline void* array_get(array_t* array,unsigned int index) { assert(index < array->next); + assert(array->pointer); return array->pointer + index * array->item_size; } =20 @@ -108,8 +109,7 @@ static inline int array_ensure_allocated(array_t* array= , int index) if((index + 1) * array->item_size > array->size) { int new_size =3D (index + 32) * array->item_size; array->pointer =3D g_realloc(array->pointer, new_size); - if (!array->pointer) - return -1; + assert(array->pointer); memset(array->pointer + array->size, 0, new_size - array->size); array->size =3D new_size; array->next =3D index + 1; @@ -2261,6 +2261,9 @@ static mapping_t* insert_mapping(BDRVVVFATState* s, } if (index >=3D s->mapping.next || mapping->begin > begin) { mapping =3D array_insert(&(s->mapping), index, 1); + if (mapping =3D=3D NULL) { + return NULL; + } mapping->path =3D NULL; adjust_mapping_indices(s, index, +1); } @@ -2428,6 +2431,9 @@ static int commit_direntries(BDRVVVFATState* s, direntry_t* direntry =3D array_get(&(s->directory), dir_index); uint32_t first_cluster =3D dir_index =3D=3D 0 ? 0 : begin_of_direntry(= direntry); mapping_t* mapping =3D find_mapping_for_cluster(s, first_cluster); + if (mapping =3D=3D NULL) { + return -1; + } =20 int factor =3D 0x10 * s->sectors_per_cluster; int old_cluster_count, new_cluster_count; @@ -2494,6 +2500,9 @@ DLOG(fprintf(stderr, "commit_direntries for %s, paren= t_mapping_index %d\n", mapp direntry =3D array_get(&(s->directory), first_dir_index + i); if (is_directory(direntry) && !is_dot(direntry)) { mapping =3D find_mapping_for_cluster(s, first_cluster); + if (mapping =3D=3D NULL) { + return -1; + } assert(mapping->mode & MODE_DIRECTORY); ret =3D commit_direntries(s, first_dir_index + i, array_index(&(s->mapping), mapping)); 
@@ -2522,6 +2531,10 @@ static int commit_one_file(BDRVVVFATState* s, assert(offset < size); assert((offset % s->cluster_size) =3D=3D 0); =20 + if (mapping =3D=3D NULL) { + return -1; + } + for (i =3D s->cluster_size; i < offset; i +=3D s->cluster_size) c =3D modified_fat_get(s, c); =20 @@ -2668,8 +2681,12 @@ static int handle_renames_and_mkdirs(BDRVVVFATState*= s) if (commit->action =3D=3D ACTION_RENAME) { mapping_t* mapping =3D find_mapping_for_cluster(s, commit->param.rename.cluster); - char* old_path =3D mapping->path; + char *old_path; =20 + if (mapping =3D=3D NULL) { + return -1; + } + old_path =3D mapping->path; assert(commit->path); mapping->path =3D commit->path; if (rename(old_path, mapping->path)) @@ -2690,10 +2707,15 @@ static int handle_renames_and_mkdirs(BDRVVVFATState= * s) direntry_t* d =3D direntry + i; =20 if (is_file(d) || (is_directory(d) && !is_dot(d)))= { + int l; + char *new_path; mapping_t* m =3D find_mapping_for_cluster(s, begin_of_direntry(d)); - int l =3D strlen(m->path); - char* new_path =3D g_malloc(l + diff + 1); + if (m =3D=3D NULL) { + return -1; + } + l =3D strlen(m->path); + new_path =3D g_malloc(l + diff + 1); =20 assert(!strncmp(m->path, mapping->path, l2)); =20 
@@ -3193,6 +3215,7 @@ static int enable_write_target(BlockDriverState *bs, = Error **errp) =20 backing =3D bdrv_new_open_driver(&vvfat_write_target, NULL, BDRV_O_ALL= OW_RDWR, &error_abort); + assert(backing); *(void**) backing->opaque =3D s; =20 bdrv_set_backing_hd(s->bs, backing, &error_abort); --=20 1.8.3.1 From nobody Sat Apr 27 20:06:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=oracle.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1539981765640786.0277797165991; Fri, 19 Oct 2018 13:42:45 -0700 (PDT) Received: from localhost ([::1]:52656 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gDbbY-0001rl-D9 for importer@patchew.org; Fri, 19 Oct 2018 16:42:44 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54753) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gDbXz-0007wM-U7 for qemu-devel@nongnu.org; Fri, 19 Oct 2018 16:39:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gDbXw-0002Xe-Mr for qemu-devel@nongnu.org; Fri, 19 Oct 2018 16:39:03 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:35620) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gDbXu-0002Sv-Ny; Fri, 19 Oct 2018 16:38:58 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9JKYH6N142411; Fri, 19 Oct 2018 20:38:58 GMT Received: from aserv0021.oracle.com 
From: Liam Merwick
To: qemu-devel@nongnu.org
Date: Fri, 19 Oct 2018 21:39:04 +0100
Message-Id: <1539981546-10596-7-git-send-email-Liam.Merwick@oracle.com>
In-Reply-To: <1539981546-10596-1-git-send-email-Liam.Merwick@oracle.com>
Subject: [Qemu-devel] [PATCH v4 6/8] block: dump_qlist() may dereference a Null pointer
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Content-Transfer-Encoding: quoted-printable

A NULL 'list' passed into function dump_qlist() isn't correctly validated and can be passed to qlist_first() where it is dereferenced. Given that dump_qlist() is static, and callers already do the right thing, just add an assert to catch future potential bugs (plus the added benefit of suppressing a warning from a static analysis tool and removing this noise will help us better find real issues).

Signed-off-by: Liam Merwick
Reviewed-by: Eric Blake
---
 block/qapi.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/block/qapi.c b/block/qapi.c index c66f949db839..e81be604217c 100644 --- a/block/qapi.c +++ b/block/qapi.c 
@@ -740,6 +740,8 @@ static void dump_qlist(fprintf_function func_fprintf, v= oid *f, int indentation, const QListEntry *entry; int i =3D 0; =20 + assert(list); + for (entry =3D qlist_first(list); entry; entry =3D qlist_next(entry), = i++) { QType type =3D qobject_type(entry->value); bool composite =3D (type =3D=3D QTYPE_QDICT || type =3D=3D QTYPE_Q= LIST); --=20 1.8.3.1
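Review bot: the reason "assert(list);" is an assert rather than an error path (dump_qlist() is static and its callers already pass a valid list) is recorded only in the commit message, not next to the line in block/qapi.c. A short comment above the assert stating that precondition would stop a later cleanup from turning it into a silent "if (!list) return;", which would hide exactly the caller bug the assert is meant to expose before qlist_first(list) runs.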
From: Liam Merwick
To: qemu-devel@nongnu.org
Date: Fri, 19 Oct 2018 21:39:05 +0100
Message-Id: <1539981546-10596-8-git-send-email-Liam.Merwick@oracle.com>
In-Reply-To: <1539981546-10596-1-git-send-email-Liam.Merwick@oracle.com>
Subject: [Qemu-devel] [PATCH v4 7/8] qcow2: Read outside array bounds in qcow2_pre_write_overlap_check()
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Content-Transfer-Encoding: quoted-printable

The commit for 0e4e4318eaa5 increments QCOW2_OL_MAX_BITNR but does not add an array entry for QCOW2_OL_BITMAP_DIRECTORY_BITNR to metadata_ol_names[]. As a result, an array dereference of metadata_ol_names[8] in qcow2_pre_write_overlap_check() could result in a read outside of the array bounds.

Fixes: 0e4e4318eaa5 ('qcow2: add overlap check for bitmap directory')
Cc: Vladimir Sementsov-Ogievskiy
Signed-off-by: Liam Merwick
Reviewed-by: Eric Blake
Reviewed-by: Max Reitz
---
 block/qcow2-refcount.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 3c539f02e5ec..46082aeac1d6 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c
@@ -2719,15 +2719,17 @@ int qcow2_check_metadata_overlap(BlockDriverState *= bs, int ign, int64_t offset, } =20 static const char *metadata_ol_names[] =3D { - [QCOW2_OL_MAIN_HEADER_BITNR] =3D "qcow2_header", - [QCOW2_OL_ACTIVE_L1_BITNR] =3D "active L1 table", - [QCOW2_OL_ACTIVE_L2_BITNR] =3D "active L2 table", - [QCOW2_OL_REFCOUNT_TABLE_BITNR] =3D "refcount table", - [QCOW2_OL_REFCOUNT_BLOCK_BITNR] =3D "refcount block", - [QCOW2_OL_SNAPSHOT_TABLE_BITNR] =3D "snapshot table", - [QCOW2_OL_INACTIVE_L1_BITNR] =3D "inactive L1 table", - [QCOW2_OL_INACTIVE_L2_BITNR] =3D "inactive L2 table", + [QCOW2_OL_MAIN_HEADER_BITNR] =3D "qcow2_header", + [QCOW2_OL_ACTIVE_L1_BITNR] =3D "active L1 table", + [QCOW2_OL_ACTIVE_L2_BITNR] =3D "active L2 table", + [QCOW2_OL_REFCOUNT_TABLE_BITNR] =3D "refcount table", + [QCOW2_OL_REFCOUNT_BLOCK_BITNR] =3D "refcount block", + [QCOW2_OL_SNAPSHOT_TABLE_BITNR] =3D "snapshot table", + [QCOW2_OL_INACTIVE_L1_BITNR] =3D "inactive L1 table", + [QCOW2_OL_INACTIVE_L2_BITNR] =3D "inactive L2 table", + [QCOW2_OL_BITMAP_DIRECTORY_BITNR] =3D "bitmap directory", }; +QEMU_BUILD_BUG_ON(QCOW2_OL_MAX_BITNR !=3D ARRAY_SIZE(metadata_ol_names)); =20 /* * First performs a check for metadata overlaps (through --=20 1.8.3.1
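Review bot: the QEMU_BUILD_BUG_ON(QCOW2_OL_MAX_BITNR != ARRAY_SIZE(metadata_ol_names)) line only catches a name missing at the end of the table. Because metadata_ol_names[] uses designated initializers, its size is set by the highest index present, so a future bit number added in the middle without a string leaves a NULL slot and the build check still passes. That is a NULL handed to whatever formats the name rather than an out-of-bounds read, but it is the same class of omission this patch fixes; a comment on the array saying every index below QCOW2_OL_MAX_BITNR must have an entry, or a NULL check where the name is used, would cover it.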
From: Liam Merwick
To: qemu-devel@nongnu.org
Date: Fri, 19 Oct 2018 21:39:06 +0100
Message-Id: <1539981546-10596-9-git-send-email-Liam.Merwick@oracle.com>
In-Reply-To: <1539981546-10596-1-git-send-email-Liam.Merwick@oracle.com>
Subject: [Qemu-devel] [PATCH v4 8/8] kvm: Potential NULL pointer dereference in kvm_arch_init_vcpu()
Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com
Content-Transfer-Encoding: quoted-printable

In kvm_arch_init_vcpu() a call to cpuid_find_entry() can return NULL so the pointer returned should be checked before dereferencing it.

Signed-off-by: Liam Merwick
---
 target/i386/kvm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c index dc4047b02fc5..eb19c87a9d25 100644 --- a/target/i386/kvm.c +++ b/target/i386/kvm.c @@ -1177,7 +1177,9 @@ int kvm_arch_init_vcpu(CPUState *cs) c->ecx =3D c->edx =3D 0; =20 c =3D cpuid_find_entry(&cpuid_data.cpuid, kvm_base, 0); - c->eax =3D MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10); + if (c) { + c->eax =3D MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10); + } } =20 cpuid_data.cpuid.nent =3D cpuid_i; --=20 1.8.3.1
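Review bot: wrapping the update in "if (c) { ... }" in kvm_arch_init_vcpu() makes a failed cpuid_find_entry(&cpuid_data.cpuid, kvm_base, 0) lookup silent: the eax value with KVM_CPUID_SIGNATURE | 0x10 is simply not written and vCPU setup carries on. If the kvm_base leaf is always added earlier in this function, a missing entry is an internal bug and an assert(c) would surface it, in line with the reasoning given for patch 6/8; if it can legitimately be absent, the commit message should say when, and a comment at the check should say that skipping the update is intended.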