diff options
| author | Zhenzhong Duan <zhenzhong.duan@intel.com> | 2024-05-22 12:39:56 +0800 |
|---|---|---|
| committer | Cédric Le Goater <clg@redhat.com> | 2024-05-22 10:04:21 +0200 |
| commit | 9442d8af674c80a2f8a7358977e1fc7ed43d2776 (patch) | |
| tree | e0c9660e238aa3b4d88434694230f30a2e4d2f65 /hw/vfio | |
| parent | 9067d50dff29b1b96ef0d4ab7448dbd7b636e55c (diff) | |
| download | qemu-9442d8af674c80a2f8a7358977e1fc7ed43d2776.zip qemu-9442d8af674c80a2f8a7358977e1fc7ed43d2776.tar.gz qemu-9442d8af674c80a2f8a7358977e1fc7ed43d2776.tar.bz2 | |
vfio/display: Fix error path in call site of ramfb_setup()
vfio_display_dmabuf_init() and vfio_display_region_init() calls
ramfb_setup() without checking its return value.
So we may run into a situation that vfio_display_probe() succeed
but errp is set. This is risky and may lead to assert failure in
error_setv().
Cc: Gerd Hoffmann <kraxel@redhat.com>
Fixes: b290659fc3d ("hw/vfio/display: add ramfb support")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Diffstat (limited to 'hw/vfio')
| -rw-r--r-- | hw/vfio/display.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/hw/vfio/display.c b/hw/vfio/display.c index fe624a6..d28b724 100644 --- a/hw/vfio/display.c +++ b/hw/vfio/display.c @@ -361,6 +361,9 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, Error **errp) vdev); if (vdev->enable_ramfb) { vdev->dpy->ramfb = ramfb_setup(errp); + if (!vdev->dpy->ramfb) { + return -EINVAL; + } } vfio_display_edid_init(vdev); return 0; @@ -488,6 +491,9 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, Error **errp) vdev); if (vdev->enable_ramfb) { vdev->dpy->ramfb = ramfb_setup(errp); + if (!vdev->dpy->ramfb) { + return -EINVAL; + } } return 0; } |