hw/virtio/vhost-user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
During protocol negotiation, when we the QEMU
stub does not support a backend with F_CONFIG,
it throws a warning and supresses the
VHOST_USER_PROTOCOL_F_CONFIG bit.
However, the warning uses warn_reportf_err macro
and passes an unitialized errp pointer. However,
the macro tries to edit the 'msg' member of the
unitialized Error and segfaults.
Instead, just use warn_report, which prints a
warning message directly to the output.
Fixes: 5653493 ("hw/virtio/vhost-user: don't suppress F_CONFIG when supported")
Signed-off-by: Albert Esteve <aesteve@redhat.com>
---
hw/virtio/vhost-user.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index e68daa35d4..34c331b3ba 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -2031,8 +2031,8 @@ static int vhost_user_backend_init(struct vhost_dev *dev, void *opaque,
} else {
if (virtio_has_feature(protocol_features,
VHOST_USER_PROTOCOL_F_CONFIG)) {
- warn_reportf_err(*errp, "vhost-user backend supports "
- "VHOST_USER_PROTOCOL_F_CONFIG but QEMU does not.");
+ warn_report("vhost-user backend supports "
+ "VHOST_USER_PROTOCOL_F_CONFIG but QEMU does not.");
protocol_features &= ~(1ULL << VHOST_USER_PROTOCOL_F_CONFIG);
}
}
--
2.39.1On Thu, 2 Mar 2023 at 12:18, Albert Esteve <aesteve@redhat.com> wrote:
>
> During protocol negotiation, when we the QEMU
> stub does not support a backend with F_CONFIG,
> it throws a warning and supresses the
> VHOST_USER_PROTOCOL_F_CONFIG bit.
>
> However, the warning uses warn_reportf_err macro
> and passes an unitialized errp pointer. However,
> the macro tries to edit the 'msg' member of the
> unitialized Error and segfaults.
>
> Instead, just use warn_report, which prints a
> warning message directly to the output.
>
> Fixes: 5653493 ("hw/virtio/vhost-user: don't suppress F_CONFIG when supported")
> Signed-off-by: Albert Esteve <aesteve@redhat.com>
> ---
> hw/virtio/vhost-user.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index e68daa35d4..34c331b3ba 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -2031,8 +2031,8 @@ static int vhost_user_backend_init(struct vhost_dev *dev, void *opaque,
> } else {
> if (virtio_has_feature(protocol_features,
> VHOST_USER_PROTOCOL_F_CONFIG)) {
> - warn_reportf_err(*errp, "vhost-user backend supports "
> - "VHOST_USER_PROTOCOL_F_CONFIG but QEMU does not.");
> + warn_report("vhost-user backend supports "
> + "VHOST_USER_PROTOCOL_F_CONFIG but QEMU does not.");
> protocol_features &= ~(1ULL << VHOST_USER_PROTOCOL_F_CONFIG);
> }
> }
This looks like the right fix to me. warn_reportf_err() is for
"print this message along with the information in the Error object".
But in this code path we are not trying to handle an error that
was reported to us by a function that sets up Error, so it's
not the right function to use.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
Hi,
I found the issue by chance, while working in not-yet-upstreamed virtio
code. I am not sure if there is any QEMU stub currently
upstreamed that does not support an F_CONFIG backend, to be able to trigger
the error. It may as well be that this branch
of the condition is never executed.
Nonetheless, the segfault can be triggered using the
tests/qtest/vhost-user-test, e.g., with the virtio-gpio device.
We can force the QEMU side to go into the else part of
the supports_f_config by applying this patch:
diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c
index fe3da32c74..23634e74ce 100644
--- a/hw/virtio/vhost-user-gpio.c
+++ b/hw/virtio/vhost-user-gpio.c
@@ -226,8 +226,8 @@ static int vu_gpio_connect(DeviceState *dev, Error
**errp)
}
gpio->connected = true;
- vhost_dev_set_config_notifier(vhost_dev, &gpio_ops);
- gpio->vhost_user.supports_config = true;
+ //vhost_dev_set_config_notifier(vhost_dev, &gpio_ops);
+ gpio->vhost_user.supports_config = false;
ret = vhost_dev_init(vhost_dev, &gpio->vhost_user,
VHOST_BACKEND_TYPE_USER, 0, errp);
Without the patch the test would cause the segfault. Otherwise, it prints
the warning and fails afterwards.
I couldn't find a good way to properly cover this in a test, but I can try,
and add it to this patch if anyone has a suggestion.
BR,
Albert Esteve
On Thu, Mar 2, 2023 at 1:17 PM Albert Esteve <aesteve@redhat.com> wrote:
> During protocol negotiation, when we the QEMU
> stub does not support a backend with F_CONFIG,
> it throws a warning and supresses the
> VHOST_USER_PROTOCOL_F_CONFIG bit.
>
> However, the warning uses warn_reportf_err macro
> and passes an unitialized errp pointer. However,
> the macro tries to edit the 'msg' member of the
> unitialized Error and segfaults.
>
> Instead, just use warn_report, which prints a
> warning message directly to the output.
>
> Fixes: 5653493 ("hw/virtio/vhost-user: don't suppress F_CONFIG when
> supported")
> Signed-off-by: Albert Esteve <aesteve@redhat.com>
> ---
> hw/virtio/vhost-user.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index e68daa35d4..34c331b3ba 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -2031,8 +2031,8 @@ static int vhost_user_backend_init(struct vhost_dev
> *dev, void *opaque,
> } else {
> if (virtio_has_feature(protocol_features,
> VHOST_USER_PROTOCOL_F_CONFIG)) {
> - warn_reportf_err(*errp, "vhost-user backend supports "
> - "VHOST_USER_PROTOCOL_F_CONFIG but QEMU
> does not.");
> + warn_report("vhost-user backend supports "
> + "VHOST_USER_PROTOCOL_F_CONFIG but QEMU does
> not.");
> protocol_features &= ~(1ULL <<
> VHOST_USER_PROTOCOL_F_CONFIG);
> }
> }
> --
> 2.39.1
>
>
© 2016 - 2024 Red Hat, Inc.