xen_pt_msi.c: Check for xen_host_pci_get_* failures in xen_pt_msix_init()

Message ID 20170709163722.19284-1-peter.maydell@linaro.org
State Accepted
Commit 64c7c1175b4e3e6fe005934cde63259d8adad392
Headers show

Commit Message

Peter Maydell July 9, 2017, 4:37 p.m.
Check the return status of the xen_host_pci_get_* functions we call in
xen_pt_msix_init(), and fail device init if the reads failed rather than
ploughing ahead. (Spotted by Coverity: CID 777338.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---
Disclaimer: compile tested only!

The only other Xen-related Coverity issue outstanding is that
we don't check the return value of net_hub_id_for_client() in
xen_config_dev_nic(), but that's too complicated for me to figure
out what the right thing to do is (or if it's even a bug at all).
---
 hw/xen/xen_pt_msi.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

-- 
2.11.0

Comments

Stefano Stabellini July 10, 2017, 9:47 a.m. | #1
On Sun, 9 Jul 2017, Peter Maydell wrote:
> Check the return status of the xen_host_pci_get_* functions we call in

> xen_pt_msix_init(), and fail device init if the reads failed rather than

> ploughing ahead. (Spotted by Coverity: CID 777338.)

> 

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>


I'll add it to my queue


> ---

> Disclaimer: compile tested only!

> 

> The only other Xen-related Coverity issue outstanding is that

> we don't check the return value of net_hub_id_for_client() in

> xen_config_dev_nic(), but that's too complicated for me to figure

> out what the right thing to do is (or if it's even a bug at all).

> ---

>  hw/xen/xen_pt_msi.c | 12 ++++++++++--

>  1 file changed, 10 insertions(+), 2 deletions(-)

> 

> diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c

> index 62add0639f..ff9a79f5d2 100644

> --- a/hw/xen/xen_pt_msi.c

> +++ b/hw/xen/xen_pt_msi.c

> @@ -535,7 +535,11 @@ int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base)

>          return -1;

>      }

>  

> -    xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control);

> +    rc = xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control);

> +    if (rc) {

> +        XEN_PT_ERR(d, "Failed to read PCI_MSIX_FLAGS field\n");

> +        return rc;

> +    }

>      total_entries = control & PCI_MSIX_FLAGS_QSIZE;

>      total_entries += 1;

>  

> @@ -554,7 +558,11 @@ int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base)

>                             + XC_PAGE_SIZE - 1)

>                            & XC_PAGE_MASK);

>  

> -    xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off);

> +    rc = xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off);

> +    if (rc) {

> +        XEN_PT_ERR(d, "Failed to read PCI_MSIX_TABLE field\n");

> +        goto error_out;

> +    }

>      bar_index = msix->bar_index = table_off & PCI_MSIX_FLAGS_BIRMASK;

>      table_off = table_off & ~PCI_MSIX_FLAGS_BIRMASK;

>      msix->table_base = s->real_device.io_regions[bar_index].base_addr;

> -- 

> 2.11.0

> 

>

Patch hide | download patch | download mbox

diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c
index 62add0639f..ff9a79f5d2 100644
--- a/hw/xen/xen_pt_msi.c
+++ b/hw/xen/xen_pt_msi.c
@@ -535,7 +535,11 @@  int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base)
         return -1;
     }
 
-    xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control);
+    rc = xen_host_pci_get_word(hd, base + PCI_MSIX_FLAGS, &control);
+    if (rc) {
+        XEN_PT_ERR(d, "Failed to read PCI_MSIX_FLAGS field\n");
+        return rc;
+    }
     total_entries = control & PCI_MSIX_FLAGS_QSIZE;
     total_entries += 1;
 
@@ -554,7 +558,11 @@  int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base)
                            + XC_PAGE_SIZE - 1)
                           & XC_PAGE_MASK);
 
-    xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off);
+    rc = xen_host_pci_get_long(hd, base + PCI_MSIX_TABLE, &table_off);
+    if (rc) {
+        XEN_PT_ERR(d, "Failed to read PCI_MSIX_TABLE field\n");
+        goto error_out;
+    }
     bar_index = msix->bar_index = table_off & PCI_MSIX_FLAGS_BIRMASK;
     table_off = table_off & ~PCI_MSIX_FLAGS_BIRMASK;
     msix->table_base = s->real_device.io_regions[bar_index].base_addr;