[PATCH] libvhost-user: Zero memory allocated for VuVirtqInflightDesc

elohimes@gmail.com posted 1 patch 4 years, 4 months ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20191119034851.2285-1-xieyongji@baidu.com
There is a newer version of this series
contrib/libvhost-user/libvhost-user.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
[PATCH] libvhost-user: Zero memory allocated for VuVirtqInflightDesc
Posted by elohimes@gmail.com 4 years, 4 months ago
From: Xie Yongji <xieyongji@baidu.com>

Use a zero-initialized VuVirtqInflightDesc struct so that
scan-build no longer reports that vq->resubmit_list[0].counter
may be a garbage value in vu_check_queue_inflights().

Fixes: 5f9ff1eff ("libvhost-user: Support tracking inflight I/O in
shared memory")
Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Xie Yongji <xieyongji@baidu.com>
---
 contrib/libvhost-user/libvhost-user.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/contrib/libvhost-user/libvhost-user.c b/contrib/libvhost-user/libvhost-user.c
index 68c27136ae..e76d6e9920 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -992,7 +992,7 @@ vu_check_queue_inflights(VuDev *dev, VuVirtq *vq)
     vq->shadow_avail_idx = vq->last_avail_idx = vq->inuse + vq->used_idx;
 
     if (vq->inuse) {
-        vq->resubmit_list = malloc(sizeof(VuVirtqInflightDesc) * vq->inuse);
+        vq->resubmit_list = g_malloc0(sizeof(VuVirtqInflightDesc) * vq->inuse);
         if (!vq->resubmit_list) {
             return -1;
         }
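Review bot: The `if (!vq->resubmit_list) return -1;` check that follows the new `g_malloc0()` call in vu_check_queue_inflights can no longer fire, because `g_malloc0()` aborts the process on allocation failure instead of returning NULL. An out-of-memory condition that used to fail the queue check with -1 would now terminate the whole vhost-user backend, which is a behaviour change the commit message does not mention. If glib is used here, `vq->resubmit_list = g_try_malloc0_n(vq->inuse, sizeof(VuVirtqInflightDesc));` keeps the zeroing and the existing error path, and the count-and-size form also checks the multiplication rather than leaving it to the caller. The function body starts and ends outside this hunk, so how `vq->inuse` is bounded is not visible here.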
@@ -1605,10 +1605,8 @@ vu_deinit(VuDev *dev)
             vq->err_fd = -1;
         }
 
-        if (vq->resubmit_list) {
-            free(vq->resubmit_list);
-            vq->resubmit_list = NULL;
-        }
+        g_free(vq->resubmit_list);
+        vq->resubmit_list = NULL;
 
         vq->inflight = NULL;
     }
@@ -2263,7 +2261,7 @@ vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz)
         elem = vu_queue_map_desc(dev, vq, vq->resubmit_list[i].index, sz);
 
         if (!vq->resubmit_num) {
-            free(vq->resubmit_list);
+            g_free(vq->resubmit_list);
             vq->resubmit_list = NULL;
         }
 
-- 
2.17.1


Re: [PATCH] libvhost-user: Zero memory allocated for VuVirtqInflightDesc
Posted by Marc-André Lureau 4 years, 4 months ago
Hi

On Tue, Nov 19, 2019 at 7:49 AM <elohimes@gmail.com> wrote:
>
> From: Xie Yongji <xieyongji@baidu.com>
>
> Use a zero-initialized VuVirtqInflightDesc struct to avoid
> that scan-build reports that vq->resubmit_list[0].counter may
> be garbage value in vu_check_queue_inflights().
>
> Fixes: 5f9ff1eff ("libvhost-user: Support tracking inflight I/O in
> shared memory")
> Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Signed-off-by: Xie Yongji <xieyongji@baidu.com>
> ---
>  contrib/libvhost-user/libvhost-user.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/contrib/libvhost-user/libvhost-user.c b/contrib/libvhost-user/libvhost-user.c
> index 68c27136ae..e76d6e9920 100644
> --- a/contrib/libvhost-user/libvhost-user.c
> +++ b/contrib/libvhost-user/libvhost-user.c
> @@ -992,7 +992,7 @@ vu_check_queue_inflights(VuDev *dev, VuVirtq *vq)
>      vq->shadow_avail_idx = vq->last_avail_idx = vq->inuse + vq->used_idx;
>
>      if (vq->inuse) {
> -        vq->resubmit_list = malloc(sizeof(VuVirtqInflightDesc) * vq->inuse);
> +        vq->resubmit_list = g_malloc0(sizeof(VuVirtqInflightDesc) * vq->inuse);

For better or worse, libvhost-user.c doesn't depend on glib (although
it's included by qemu common headers).

So I'd stick to calloc, until we do a whole-file switch to glib, to
avoid mixing functions.

>          if (!vq->resubmit_list) {
>              return -1;
>          }
> @@ -1605,10 +1605,8 @@ vu_deinit(VuDev *dev)
>              vq->err_fd = -1;
>          }
>
> -        if (vq->resubmit_list) {
> -            free(vq->resubmit_list);
> -            vq->resubmit_list = NULL;
> -        }
> +        g_free(vq->resubmit_list);
> +        vq->resubmit_list = NULL;
>
>          vq->inflight = NULL;
>      }
> @@ -2263,7 +2261,7 @@ vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz)
>          elem = vu_queue_map_desc(dev, vq, vq->resubmit_list[i].index, sz);
>
>          if (!vq->resubmit_num) {
> -            free(vq->resubmit_list);
> +            g_free(vq->resubmit_list);
>              vq->resubmit_list = NULL;
>          }
>
> --
> 2.17.1
>