author | Stefano Garzarella <sgarzare@redhat.com> | 2025-07-14 12:11:56 +0200 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2025-08-01 10:23:50 -0400 |
commit | 4caf74916d09019e61c91f8cb1166510836d35e8 (patch) | |
tree | 40ad46a96615835bc0d16006c9a940152f66265c /hw/avr/arduino.c | |
parent | 4164adc476d85d46ef4901c05a9807b24473b00d (diff) | |
net/vdpa: fix potential fd leak in net_init_vhost_vdpa()

Coverity reported a file descriptor leak (CID 1490785) that happens if
`vhost_vdpa_get_max_queue_pairs()` returns 0, since in that case
net_host_vdpa_init(), which should take ownership of the fd, is never
called.

vhost_vdpa_get_max_queue_pairs() returns 1 if VIRTIO_NET_F_MQ is not
negotiated, or a negative error if the ioctl() fails, or the maximum
number of queue pairs exposed by the device in the config space in the
`max_virtqueue_pairs` field. In the VIRTIO spec we have:

    The device MUST set max_virtqueue_pairs to between 1 and 0x8000
    inclusive, if it offers VIRTIO_NET_F_MQ.

So, if `vhost_vdpa_get_max_queue_pairs()` returns 0, it's really an
error since the device is violating the VIRTIO spec.

Treat also `queue_pairs == 0` as an error, and jump to the `err` label,
to return a negative value to the caller in any case.

Coverity: CID 1490785
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20250714101156.30024-1-sgarzare@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'hw/avr/arduino.c')
0 files changed, 0 insertions, 0 deletions
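
The ownership gap described in the commit message above, as an added example that is not QEMU's code: a simplified model in which `init_before()`, `init_after()`, `backend_init()`, `owned_fd` and `leaks()` are hypothetical names, and the `queue_pairs` argument stands in for the value the device query returned. It shows that a return of 0 reaches neither the cleanup path nor the call that takes ownership of the fd.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>

/* Simplified model, all names hypothetical. queue_pairs stands in for the
 * device query result: <0 ioctl error, 0 spec violation, >=1 valid. */
static int owned_fd = -1;                            /* fd owned by the backend */
static void backend_init(int fd) { owned_fd = fd; }  /* takes ownership of fd */

/* Before: with 0 the loop never runs and the err path is not taken. */
static int init_before(int fd, int queue_pairs)
{
    if (queue_pairs < 0) goto err;
    for (int i = 0; i < queue_pairs; i++)
        backend_init(fd);
    return 0;
err:
    close(fd);
    return -1;
}

/* After: 0 is an error too, so the fd is closed and -1 is returned. */
static int init_after(int fd, int queue_pairs)
{
    if (queue_pairs <= 0) goto err;
    for (int i = 0; i < queue_pairs; i++)
        backend_init(fd);
    return 0;
err:
    close(fd);
    return -1;
}

/* True if, after init, the fd is still open but nothing owns it. */
static bool leaks(int (*init)(int, int), int queue_pairs)
{
    int fd = open("/dev/null", O_RDONLY);            /* constructed sample fd */
    owned_fd = -1;
    (void)init(fd, queue_pairs);
    bool still_open = fcntl(fd, F_GETFD) != -1;
    bool leaked = still_open && owned_fd != fd;
    if (still_open) close(fd);                       /* tidy up for the next run */
    return leaked;
}

int main(void)
{
    printf("before: %d after: %d\n", leaks(init_before, 0), leaks(init_after, 0));
}
```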