[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH for-4.17 3/6] vpci: don't assume that vpci per-device data exists unconditionally

  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Date: Thu, 20 Oct 2022 11:46:46 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SYCSSJNqrhzg2jhEg2bewEOFbQS4tBVFIatzBZKv8Rw=; b=XPioA4wE6GNz6TDoJIP4UU1vZay1gIhwQi20bph8EaUHIggHloBrf4mbUZ0TsMHYObcRYj8KSsn5HMSXvPviNnuQqgSK592KO1YCPQnIK613PCFjRdCgOz/DUKDWWs3C1vcNmW/30vxJxYO4jJmiIL7Llfp63QAxglCv0BrX4ZdyYdfkhRJ8VAJBTsY2ObWwEjtx+Xh8lBxoBmki0KQr5V8BBmTsgDM4YROdY0L5DVPxolVtV+E55vyFHTsiMUI844F28fYv4xFTci2ZIyDZgTAgGNvwfmLnuVXrhIwnOIt2ilMdJGAoUFTXVSZWTgzLlX/C0gSsKUGqSWovirpHtQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XFLiqwF97r76+iujKXTPn0bxpXq49FfqTelivfw7CL2t22ZS3MPPuxK7YAA+lHSUFjb+jM9ZZWqvpBvaHhnj3wTZFTp2BjkGTfugqYVXzj0tm8pXGUtnng9My4a1/rQN/uql2boYFVz71WSufGGW9cHtE6r9jFkEfW0xvsDpAx25KrcOMERNTGfs9lzhgOR6j6U2Y+nbtrufeaEhV96HSkcyiUoohf/nOnN7cO8OOYM+u8Qda/O8aOSfuRo+A2BypKN21UMIwK20vJM2HhdZ4shznSaHCX7H8sUId0oapvhh8f0pK+PPZAPt+qtijC9UlTyRzwTg0u/STPp2KNZsiQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Delivery-date: Thu, 20 Oct 2022 09:47:30 +0000
  • Ironport-data: A9a23:lkx/z6JoCmKKfgjdFE+Rq5QlxSXFcZb7ZxGr2PjKsXjdYENS3mQGy 2JJXGuDMquNZmH9eopwbY208R4AucTdnNZnSwRlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/vOHtIQMcacUghpXwhoVSw9vhxqnu89k+ZAjMOwRgiAo rsemeWGULOe82MyYz98B56r8ks15q2q4mtA5zTSWNgQ1LPgvyhNZH4gDfnZw0vQGuF8AuO8T uDf+7C1lkuxE8AFU47Nfh7TKyXmc5aKVeS8oiM+t5uK23CukhcawKcjXMfwXG8M49m/c3Kd/ /0W3XC4YV9B0qQhA43xWTEAe811FfUuFLMqvRFTGCFcpqHLWyKE/hlgMK05FaYZ/vkpHzx3z qE/BDZXYDKel8e3zL3uH4GAhux7RCXqFKU2nyk6iAr/VLMhS52FRLjW79hF2jt2ntpJAfvVe 8seb3xocQjEZBpMfFwQDfrSns/x3iW5L2Ie9Q3T+ftfD2v7lWSd1JD3N9XYYJqSTNh9lUeEv GPWuW/+B3n2MfTPkmfbryLy2IcjmwukaNpPGr7/7sVamUGcxUkcKBYyCAG09KzRZkmWHog3x 1Yv0jojq+0++VKmSvH5XgakuziUsxgEQd1SHuYmrgaXxcLpDx2xA2EFSntaboUvssYzHWYuz gXRw4KvAiFzurqIT37b7q2TsT65JSkSKykFeDMASgwGpdLkpenfky7yczqqK4bt5vWdJN066 2niQPQW71nLsfM26g==
  • Ironport-hdrordr: A9a23:POP50KlD7TikpDLkIrQHCH8EMgXpDfO3imdD5ihNYBxZY6Wkfp +V8cjzhCWftN9OYhodcLC7V5Voj0msl6KdhrNhR4tKPTOWw1dASbsP0WKM+UyFJ8STzI5gPO JbAtFD4b7LfCdHZLjBkW6F+r8bqbHokZxAx92ut0uFJTsaF52IhD0JbzpzfHcGJzWvUvECZe ehD4d81kydUEVSSv7+KmgOXuDFqdGOvJX6YSQeDxpizAWVlzun5JPzDhDdh34lInty6IZn1V KAvx3y562lvf3+4hjA11XL55ATvNf60NNMCOGFl8BQADTxjQSDYphnRtS5zXkIidDqzGxvvM jHoh8mMcg2w3TNflutqR+o4AXk2CZG0Q6W9XaoxV/Y5eDpTjMzDMRMwahDdAHC1kYmtNZglI pWwmOwrfNsfF/9tRW4w+KNewBhl0Kyr3Znu/UUlWZjXYwXb6IUhZAD/XlSDIwLEEvBmc0a+d FVfY/hDcttABKnhyizhBgu/DXsZAV4Iv6+eDlMhiTPuAIm30yQzCMjtb4idzk7hdAAoqJ/lp T525RT5c9zp/AtHNNA7Z86MK2K40z2MGbx2TGpUCPaPZBCHU7xgLjKx5hwzN2WWfUzvegPcd L6IRhliVI=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
It's possible for a device to be assigned to a domain but have no
vpci structure if vpci_process_pending() failed and called
vpci_remove_device() as a result.  The unconditional accesses done by
vpci_{read,write}() and vpci_remove_device() to pdev->vpci would
then trigger a NULL pointer dereference.

Add checks for pdev->vpci presence in the affected functions.

Fixes: 9c244fdef7 ('vpci: add header handlers')
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
 xen/drivers/vpci/vpci.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index 3467c0de86..647f7af679 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -37,7 +37,7 @@ extern vpci_register_init_t *const __end_vpci_array[];
 
 void vpci_remove_device(struct pci_dev *pdev)
 {
-    if ( !has_vpci(pdev->domain) )
+    if ( !has_vpci(pdev->domain) || !pdev->vpci )
         return;
 
     spin_lock(&pdev->vpci->lock);
@@ -326,7 +326,7 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, 
unsigned int size)
 
     /* Find the PCI dev matching the address. */
     pdev = pci_get_pdev(d, sbdf);
-    if ( !pdev )
+    if ( !pdev || !pdev->vpci )
         return vpci_read_hw(sbdf, reg, size);
 
     spin_lock(&pdev->vpci->lock);
@@ -436,7 +436,7 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, unsigned 
int size,
      * Passthrough everything that's not trapped.
      */
     pdev = pci_get_pdev(d, sbdf);
-    if ( !pdev )
+    if ( !pdev || !pdev->vpci )
     {
         vpci_write_hw(sbdf, reg, size, data);
         return;
-- 
2.37.3

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.