[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH for-4.17 v2 1/5] vpci: don't assume that vpci per-device data exists unconditionally

  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Date: Tue, 25 Oct 2022 16:44:14 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E+gHaCnlEGM0dyPAS/K0/1cQ1iwF7mXhMFtAy5CGtoo=; b=Xcig0Ec5GNqxmoMTvVrqPXGdoo3dOCx0jnsxQCRrdpCftmVW0y1fdBvzcCp2oo+pX2uFda4I2ngHzNYhii2CBsE34GBlnlrh5YRf2+aIvlIHtmJivfGWgcEO9S5i2WlPdoXCJe2lmHmBfYqNYgPtzsgCgLMNFv20JFGW3/jRrrngnRom3lS7T6BEFD3vw++ShERN0TAIILe8pHseGziDM8CoKyarYHPIrNwdMhtPKxHjKWNWk3WaSSYVLjs0cTwqw7b3Oahg4VU139YRrpIbWWKvTYCdwAIKMwAPitngndKAq+YX0mqhtyd5PJ936Pjbn7MCDU+ASzn8LqBbMSig9Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ToKV/J6BjCbhqJKfpmfdeKTdUhCF67A3FTTifpiATNcFaV9+2AqG762hAdqnjjMZ7d7njv8vrRX3DkvRWS9bt1rPvzXDr7a04swA0yE+P98vAnqDRzZCG63/IByQn7jC/h2Bmv7UUy8ynpkQLCnc1/OJjN1bP9pZ7nRcHdHsDXC+6DMYIOEYX7Vig1h4nEBw6WQm3/t7VA2ginz1Ue+FcPsIpAq99dYYxIp1tEbmSLXNCjNH+R6NuVZ9X0Gc5IW7KIu8FgfENTubmFRWO4sslGk0IAJCEI7cRD1fck7GS73Ov8b3gjW1YfiX5Jrk1sSItAT8bhuFuiEWWEScEQbknA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Henry.Wang@xxxxxxx, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • Delivery-date: Tue, 25 Oct 2022 14:44:58 +0000
  • Ironport-data: A9a23:X6ABna1BRykFQ35BaPbD5fNwkn2cJEfYwER7XKvMYLTBsI5bpzJUn zROXTyGaPfeazb9c91ya4mx80wE6MTSz9AyQQo5pC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefSAOKU5NfsYkhZXRVjRDoqlSVtkus4hp8AqdWiCkaGt MiaT/f3YTdJ4BYpdDNJg06/gEk35q6r4GlF5gZWic1j5zcyqVFEVPrzGonpR5fIatE8NvK3Q e/F0Ia48gvxl/v6Ior4+lpTWhRiro/6ZWBiuFIPM0SRqkEqShgJ+rQ6LJIhhXJ/0F1lqTzTJ OJl7vRcQS9xVkHFdX90vxNwS0mSNoUekFPLzOTWXWV+ACQqflO1q8iCAn3aMqUc5stxXkJr3 sU5DzAnMxqhmry4nZi0H7wEasQLdKEHPas5k1Q5l3T8MqxjRprOBaLX+dVfwTE8wNhUGurTb NYYbjwpawncZxpIOREcD5dWcOWA3yGjNWEH7gzL4/Zqi4TQ5FUZPLzFKt3ad8bMXcxItk2Zu njH7yLyBRRy2Nm3mWDYrCzx3LancSXTYJkvNry8x69TukTI/EZMWR8tXlSKrqzs4qK5c5cFQ 6AOwQI+oK53+EG1Q93VWxyjvGXCrhMaQ8BXEeAx9EeK0KW8yyaUAHIVCAFIbtMOvdUzAzct0 zehndnkGDhuu729Um+G+/GfqjbaBMQOBWoLZCtBSBRf5dDm+ds3lkiXEoslF7OphNroHz222 yqNsCU1m7QUi4gMyrm/+lfExTmro/AlUzII2+keZUr9hisRWWJvT9fABYTzhRqYELukcw==
  • Ironport-hdrordr: A9a23:HsPeFaEZY+5VymBSpLqFc5HXdLJyesId70hD6qkvc3Fom52j/f xGws5x6faVslkssb8b6LK90c67MAnhHP9OkPIs1NKZMDUO11HYSL2KgbGD/9SkIVyGygc/79 YeT0EBMqyWMbESt6+TjmiF+pQbsaG6GciT9JvjJhxWPGRXgs9bnmRE4lHxKDwKeOAKP+tOKL Osou584xawc3Ueacq2QlEDQuj4vtXO0LbrewQPCRIL4BSHyWrA0s+zLzGomjMlFx9fy7Yr9m bI1yT/+6WYqvm+jjvRzXXa4Zh6kMbojvFDGMuPoM4ILSiEsHfgWK1RH5m5+BwlquCm71gn1P HKvhcbJsx2r0jce2mkyCGdrjXI4XIL0TvP2FWYiXzsrYjSXzQhEfdMgopfb1/w91cglMsU6t MG40up875sST/QliX04NbFEztwkFCvnHYkmekPy1RCTIolbqNLp4B3xjIZLH45JlO11GkbKp guMCmFj8wmMW9yLkqp9FWH+ebcEUjaRXy9Mws/Us/86UkloJk29Tpb+CUlpAZxyHsMceg72w 36CNUYqFg3dL5xUUtcPpZ0fSLlMB27fTv8dESvHH/AKIYrf1rwlr+f2sRH2AjtQu1C8KcP
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
It's possible for a device to be assigned to a domain but have no
vpci structure if vpci_process_pending() failed and called
vpci_remove_device() as a result.  The unconditional accesses done by
vpci_{read,write}() and vpci_remove_device() to pdev->vpci would
then trigger a NULL pointer dereference.

Add checks for pdev->vpci presence in the affected functions.

Fixes: 9c244fdef7 ('vpci: add header handlers')
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/drivers/vpci/vpci.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index 3467c0de86..647f7af679 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -37,7 +37,7 @@ extern vpci_register_init_t *const __end_vpci_array[];
 
 void vpci_remove_device(struct pci_dev *pdev)
 {
-    if ( !has_vpci(pdev->domain) )
+    if ( !has_vpci(pdev->domain) || !pdev->vpci )
         return;
 
     spin_lock(&pdev->vpci->lock);
@@ -326,7 +326,7 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, 
unsigned int size)
 
     /* Find the PCI dev matching the address. */
     pdev = pci_get_pdev(d, sbdf);
-    if ( !pdev )
+    if ( !pdev || !pdev->vpci )
         return vpci_read_hw(sbdf, reg, size);
 
     spin_lock(&pdev->vpci->lock);
@@ -436,7 +436,7 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, unsigned 
int size,
      * Passthrough everything that's not trapped.
      */
     pdev = pci_get_pdev(d, sbdf);
-    if ( !pdev )
+    if ( !pdev || !pdev->vpci )
     {
         vpci_write_hw(sbdf, reg, size, data);
         return;
-- 
2.37.3

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.