1. Patchew
  2. QEMU
  3. [PATCH 0/2] xen: An error handling fix
  4. View patch

[PATCH 1/2] hw/xen: Fix xen_bus_realize() error handling

Markus Armbruster posted 2 patches 2 weeks, 6 days ago
[PATCH 1/2] hw/xen: Fix xen_bus_realize() error handling
Posted by Markus Armbruster 2 weeks, 6 days ago 
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL.  Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.

xen_bus_realize() is wrong that way: it passes &local_err to
xs_node_watch() in a loop.  If this fails in more than one iteration,
it can trip error_setv()'s assertion.

Fix by clearing @local_err.

Fixes: c4583c8c394e (xen-bus: reduce scope of backend watch)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 hw/xen/xen-bus.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/xen/xen-bus.c b/hw/xen/xen-bus.c
index 8260f1e1bb..2aacc1436f 100644
--- a/hw/xen/xen-bus.c
+++ b/hw/xen/xen-bus.c
@@ -357,6 +357,7 @@ static void xen_bus_realize(BusState *bus, Error **errp)
             error_reportf_err(local_err,
                               "failed to set up '%s' enumeration watch: ",
                               type[i]);
+            local_err = NULL;
         }
 
         g_free(node);
-- 
2.48.1
Re: [PATCH 1/2] hw/xen: Fix xen_bus_realize() error handling
Posted by Stefano Stabellini 2 weeks, 6 days ago 
On Fri, 14 Mar 2025, Markus Armbruster wrote:
> The Error ** argument must be NULL, &error_abort, &error_fatal, or a
> pointer to a variable containing NULL.  Passing an argument of the
> latter kind twice without clearing it in between is wrong: if the
> first call sets an error, it no longer points to NULL for the second
> call.
> 
> xen_bus_realize() is wrong that way: it passes &local_err to
> xs_node_watch() in a loop.  If this fails in more than one iteration,
> it can trip error_setv()'s assertion.
> 
> Fix by clearing @local_err.
> 
> Fixes: c4583c8c394e (xen-bus: reduce scope of backend watch)
> Signed-off-by: Markus Armbruster <armbru@redhat.com>

Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>


> ---
>  hw/xen/xen-bus.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/xen/xen-bus.c b/hw/xen/xen-bus.c
> index 8260f1e1bb..2aacc1436f 100644
> --- a/hw/xen/xen-bus.c
> +++ b/hw/xen/xen-bus.c
> @@ -357,6 +357,7 @@ static void xen_bus_realize(BusState *bus, Error **errp)
>              error_reportf_err(local_err,
>                                "failed to set up '%s' enumeration watch: ",
>                                type[i]);
> +            local_err = NULL;
>          }
>  
>          g_free(node);
> -- 
> 2.48.1
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.