From nobody Sat Nov 15 08:35:16 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1754058806; cv=none; d=zohomail.com; s=zohoarc; b=K3uPaqBe+EjGk271Y49jfS5jGpmCHj+S4aExhLrOsMVc45rjcapQAispeYYmiyn44+5+/n3WbjjEdTL0fotwTjaUzgxkobPIerbTCj3MCyA6MqbKVL8tXCzf56m8vaHqW6sKpWSkQu8dH5SiCstqR+eq7TkqwAMns+k18wcqKbo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1754058806; h=Content-Type:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=dGbO7vd636Hu1LhHD46O82pGLm04aUgQk2cK4yysdEk=; b=dSSfS5QdZZ89Mc5dGqf0RI5/LcF0mMWz4fi4p5jpL531W/vGKG57D0SriUVj3uiEleeSyI8cqDaCgUa+N2MhRiOzJaQDrDg9X0ju5U7e1YviiniqdBpmXo8VA0aHNf5zsn8809AIbMjlrP+tZrK1kZgoNuN+kWnm4rKYy5+m0KI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1754058806384444.8430188564132; Fri, 1 Aug 2025 07:33:26 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uhqnS-0006iI-NN; Fri, 01 Aug 2025 10:31:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uhqhi-0005nd-LX for qemu-devel@nongnu.org; Fri, 01 Aug 2025 10:25:54 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uhqhe-0002sS-JN for qemu-devel@nongnu.org; Fri, 01 Aug 2025 10:25:48 -0400 Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-622-x7koJ-GgOe2MQ0tETarNJA-1; Fri, 01 Aug 2025 10:25:44 -0400 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-3b7825a2ca5so1586772f8f.1 for ; Fri, 01 Aug 2025 07:25:43 -0700 (PDT) Received: from redhat.com ([2a0d:6fc0:1515:7300:62e6:253a:2a96:5e3]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3b79c3abec8sm6360138f8f.8.2025.08.01.07.25.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Aug 2025 07:25:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1754058345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=dGbO7vd636Hu1LhHD46O82pGLm04aUgQk2cK4yysdEk=; b=XBw4PrWAKx+osTq3jm+kLiH3p1C1BZrrEGCbvvxVYjh+l3JP+S8V9ri0NYrVtcSfaNgGE7 Q2Y3LHMDQtEfG6+SaPV11bUvuTrlkMncXzNrYNnEyETg34NpILE+6nXmlh/2Yb7yvh9/5I /DeeuSSclebxiXeFCofI5Ta25lSgB/U= X-MC-Unique: x7koJ-GgOe2MQ0tETarNJA-1 X-Mimecast-MFC-AGG-ID: x7koJ-GgOe2MQ0tETarNJA_1754058343 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1754058342; x=1754663142; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=dGbO7vd636Hu1LhHD46O82pGLm04aUgQk2cK4yysdEk=; b=nBmv3MXjg3QNSSLQwQeCPFi7iZM3Zzilxt5bnvvh+1bSpX0UKaShI8OF128lPIYTO6 Hx0qeK1tu/yJ7BV82ldaktA7jWnjd5WwZKo2diU9XuFNIHVGeQe3tQWya49k0sbpbaUR TJi8fh8N4k8r4rlUBxk4SGqz5ZJmGITgRW/fVSSfwnTVR24Jk00i/PM7bzCax4tRew8O g4gc+5/Xzx7dqvEP3S+9kvxYtlL3X4a8rVY5UxWMaOQHoXF2HcsdK4qJNhp9q29pK8mG R9WQBFHPkuB2TDbszf+TyydqMIDOZdJlMr3LVgh8xJzxX5MkcCMrCUGcHyzXWgboMX3z EIKQ== X-Gm-Message-State: AOJu0Yw4y60aP3yHT9y2XkUDYt95QafGYO4sOMti2qndJQQLOYffKt16 EQmEJFuqPV5oVl2MV31vI1eaMrTUePUb1rir3T3yBp1pZG2O7KZ0sS8H1d8IB20aZ6/MhoraxUl 3kcfmkBHcO/jywbaHNZJCdBVh1PriOvQcZEBPkC6QFICquObCnBVui07ZJFwRXbwtdiUPr01E1D 8FGr1rJMGzOrS0PGgAOasYahHA9HMXfWlfNg== X-Gm-Gg: ASbGnctGUXBNgHnqEbqhplPKUazUYYm7UlNudL/OpsY/fbyrfvfGwaPGikmBZgVipap HMwncvmJSwTphzpkvoWJjyMzFUbtgQwU6Kdl0vqKGRdA827tzmwlEJepi0wrS8KKzqCvl/cw9yk R7RPJEeaatPRcEPj1TF3hcebH0K8oWVdOVrkpuYi28McQpuHqmp6jp5yKugqVz7EpuANYhSIFJ6 TH9cvq8Kque9PJMKyDAtCHA+4Fq+GZAQsqA6LX83aETRP1SqzJThHos6nyu4lcCOlwQ2OdupAli kNCztP6c6NsrymFYA+Ni8Uonnt0D9fs5 X-Received: by 2002:a05:6000:430b:b0:3b4:9ade:4e8a with SMTP id ffacd0b85a97d-3b79d4e0b4bmr5800464f8f.21.1754058342389; Fri, 01 Aug 2025 07:25:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGl0is/rcqzTgv6qbWMWQ2gfImg3xA4GSo3aSk4vVpb8eS24zyZ7S2sUmRqUIE5D10RcbTsuQ== X-Received: by 2002:a05:6000:430b:b0:3b4:9ade:4e8a with SMTP id ffacd0b85a97d-3b79d4e0b4bmr5800435f8f.21.1754058341889; Fri, 01 Aug 2025 07:25:41 -0700 (PDT) Date: Fri, 1 Aug 2025 10:25:39 -0400 From: "Michael S. Tsirkin" To: qemu-devel@nongnu.org Cc: Peter Maydell , Stefano Garzarella , Manos Pitsidianakis , Jason Wang Subject: [PULL 17/17] net/vdpa: fix potential fd leak in net_init_vhost_vdpa() Message-ID: <4caf74916d09019e61c91f8cb1166510836d35e8.1754058276.git.mst@redhat.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Mailer: git-send-email 2.27.0.106.g8ac3dc51b1 X-Mutt-Fcc: =sent Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=mst@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1754058808095116600 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Stefano Garzarella Coverity reported a file descriptor leak (CID 1490785) that happens if `vhost_vdpa_get_max_queue_pairs()` returns 0, since in that case net_host_vdpa_init(), which should take ownership of the fd, is never called. vhost_vdpa_get_max_queue_pairs() returns 1 if VIRTIO_NET_F_MQ is not negotiated, or a negative error if the ioctl() fails, or the maximum number of queue pairs exposed by the device in the config space in the `max_virtqueue_pairs` field. In the VIRTIO spec we have: The device MUST set max_virtqueue_pairs to between 1 and 0x8000 inclusive, if it offers VIRTIO_NET_F_MQ. So, if `vhost_vdpa_get_max_queue_pairs()` returns 0, it's really an error since the device is violating the VIRTIO spec. Treat also `queue_pairs =3D=3D 0` as an error, and jump to the `err` label, to return a negative value to the caller in any case. Coverity: CID 1490785 Suggested-by: Peter Maydell Signed-off-by: Stefano Garzarella Message-Id: <20250714101156.30024-1-sgarzare@redhat.com> Suggested-by: Peter Maydell Signed-off-by: Stefano Garzarella Reviewed-by: Manos Pitsidianakis Acked-by: Jason Wang --- net/vhost-vdpa.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c index 6a30a44d2b..74d26a9497 100644 --- a/net/vhost-vdpa.c +++ b/net/vhost-vdpa.c @@ -1840,9 +1840,8 @@ int net_init_vhost_vdpa(const Netdev *netdev, const c= har *name, =20 queue_pairs =3D vhost_vdpa_get_max_queue_pairs(vdpa_device_fd, feature= s, &has_cvq, errp); - if (queue_pairs < 0) { - qemu_close(vdpa_device_fd); - return queue_pairs; + if (queue_pairs <=3D 0) { + goto err; } =20 r =3D vhost_vdpa_get_iova_range(vdpa_device_fd, &iova_range); --=20 MST