Patchwork [v2,1/2] vhost-scsi: fix k->set_guest_notifiers() NULL dereference

login
register
mail settings
Submitter Stefan Hajnoczi
Date June 3, 2013, 8:58 a.m.
Message ID <1370249911-19708-2-git-send-email-stefanha@redhat.com>
Download mbox | patch
Permalink /patch/248201/
State New
Headers show

Comments

Stefan Hajnoczi - June 3, 2013, 8:58 a.m.
Coverity picked up a copy-paste bug.  In vhost_scsi_start() we check for
!k->set_guest_notifiers and error out.  The check probably got copied
but instead of erroring we actually use the function pointer!

Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Asias He <asias@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/scsi/vhost-scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Paolo Bonzini - June 3, 2013, 9:07 a.m.
Il 03/06/2013 10:58, Stefan Hajnoczi ha scritto:
> Coverity picked up a copy-paste bug.  In vhost_scsi_start() we check for
> !k->set_guest_notifiers and error out.  The check probably got copied
> but instead of erroring we actually use the function pointer!

Exactly. :)

Applied to scsi branch, thanks.

Paolo

> Cc: Nicholas Bellinger <nab@linux-iscsi.org>
> Cc: Asias He <asias@redhat.com>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  hw/scsi/vhost-scsi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
> index d7a1c33..785e93f 100644
> --- a/hw/scsi/vhost-scsi.c
> +++ b/hw/scsi/vhost-scsi.c
> @@ -123,7 +123,7 @@ static void vhost_scsi_stop(VHostSCSI *s)
>      VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
>      int ret = 0;
>  
> -    if (!k->set_guest_notifiers) {
> +    if (k->set_guest_notifiers) {
>          ret = k->set_guest_notifiers(qbus->parent, s->dev.nvqs, false);
>          if (ret < 0) {
>                  error_report("vhost guest notifier cleanup failed: %d\n", ret);
>

Patch

diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
index d7a1c33..785e93f 100644
--- a/hw/scsi/vhost-scsi.c
+++ b/hw/scsi/vhost-scsi.c
@@ -123,7 +123,7 @@  static void vhost_scsi_stop(VHostSCSI *s)
     VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
     int ret = 0;
 
-    if (!k->set_guest_notifiers) {
+    if (k->set_guest_notifiers) {
         ret = k->set_guest_notifiers(qbus->parent, s->dev.nvqs, false);
         if (ret < 0) {
                 error_report("vhost guest notifier cleanup failed: %d\n", ret);