author | Swapnil Ingle <swapnil.ingle@nutanix.com> | 2021-08-26 14:43:11 +0200 |
committer | GitHub <noreply@github.com> | 2021-08-26 14:43:11 +0200 |
commit | 2ed612697e8fde14e9995cc1ac4dd5143ae8e0b7 (patch) | |
tree | 3dcad704486a9b650c065e4bf82961ede1823a53 /lib | |
parent | 647c9341d2e06266a710ddd075f69c95dd3b8446 (diff) | |
Fix err path of handle_dma_unmap() (#597)
* initial dma_unmap test
Signed-off-by: John Levon <john.levon@nutanix.com>
Signed-off-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
* Fix err path of handle_dma_unmap()
Set msg->out_size only before the successful return. Otherwise, on the error
reply path we may end up setting iovecs[1].iov_len with an invalid
iovecs[1].iov_base in tran_sock_reply()
Signed-off-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libvfio-user.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/libvfio-user.c b/lib/libvfio-user.c
index c9c78d6..4e6b81f 100644
--- a/lib/libvfio-user.c
+++ b/lib/libvfio-user.c
@@ -544,6 +544,7 @@ int
 handle_dma_unmap(vfu_ctx_t *vfu_ctx, vfu_msg_t *msg,
 struct vfio_user_dma_unmap *dma_unmap)
 {
+ size_t out_size;
 int ret;
 char rstr[1024];
@@ -562,7 +563,7 @@ handle_dma_unmap(vfu_ctx_t *vfu_ctx, vfu_msg_t *msg,
 vfu_log(vfu_ctx, LOG_DEBUG, "removing DMA region %s", rstr);
- msg->out_size = sizeof(*dma_unmap);
+ out_size = sizeof(*dma_unmap);
 if (dma_unmap->flags == VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) {
 if (msg->in_size < sizeof(*dma_unmap) + sizeof(*dma_unmap->bitmap)
@@ -583,15 +584,13 @@ handle_dma_unmap(vfu_ctx_t *vfu_ctx, vfu_msg_t *msg,
 * temporary anyway since we're moving dirty page tracking out of
 * the DMA controller.
 */
- msg->out_size += sizeof(*dma_unmap->bitmap) + dma_unmap->bitmap->size;
+ out_size += sizeof(*dma_unmap->bitmap) + dma_unmap->bitmap->size;
 } else if (dma_unmap->flags != 0) {
 vfu_log(vfu_ctx, LOG_ERR, "bad flags=%#x", dma_unmap->flags);
 return ERROR_INT(ENOTSUP);
 }
-
-
- msg->out_data = malloc(msg->out_size);
+ msg->out_data = malloc(out_size);
 if (msg->out_data == NULL) {
 return ERROR_INT(ENOMEM);
 }
@@ -622,6 +621,7 @@ handle_dma_unmap(vfu_ctx_t *vfu_ctx, vfu_msg_t *msg,
 "failed to remove DMA region %s: %m", rstr);
 return ERROR_INT(ret);
 }
+ msg->out_size = out_size;
 return ret;
 } |
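Review bot: In the third hunk, `out_size += sizeof(*dma_unmap->bitmap) + dma_unmap->bitmap->size;` folds a length taken from the incoming message into the size handed to `malloc(out_size)` a few lines later, and nothing visible in the hunks bounds `bitmap->size` beyond the `msg->in_size` comparison that starts at the end of the second hunk and continues outside the view. If the code between the hunks does not cap it, a large value can wrap the sum in `size_t` or drive an oversized allocation, so an explicit guard before the addition would make the new local safe on its own, e.g. `if (dma_unmap->bitmap->size > SIZE_MAX - out_size - sizeof(*dma_unmap->bitmap)) { return ERROR_INT(EINVAL); }`. Separately, on the `return ERROR_INT(ret);` path in the last hunk `msg->out_data` has already been allocated while `msg->out_size` is now left untouched, so it is worth confirming that the caller frees `msg->out_data` unconditionally rather than only when `out_size` is non-zero; a comment such as `/* out_size is published only on success so the error reply carries no body; out_data is still owned by the caller */` above the final assignment would record that contract. handle_dma_unmap starts before the first hunk and its body runs between and past the hunks.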