qemu-commits
[Qemu-commits] [qemu/qemu] 956135: hw/block/nvme: fix resource leak in n


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 956135: hw/block/nvme: fix resource leak in nvme_dif_rw
Date: Tue, 30 Mar 2021 05:09:04 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 9561353ddc35215141adf181d4d8f6f0d9655cc0
      
https://github.com/qemu/qemu/commit/9561353ddc35215141adf181d4d8f6f0d9655cc0
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2021-03-29 (Mon, 29 Mar 2021)

  Changed paths:
    M hw/block/nvme-dif.c

  Log Message:
  -----------
  hw/block/nvme: fix resource leak in nvme_dif_rw

If nvme_map_dptr() fails, nvme_dif_rw() will leak the bounce context.
Fix this by using the same error handling as everywhere else in the
function.

Reported-by: Coverity (CID 1451080)
Fixes: 146f720c5563 ("hw/block/nvme: end-to-end data protection")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>


  Commit: 3a69cadbef7af23a566dbe2400043c247c3d50ca
      
https://github.com/qemu/qemu/commit/3a69cadbef7af23a566dbe2400043c247c3d50ca
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2021-03-29 (Mon, 29 Mar 2021)

  Changed paths:
    M hw/block/nvme.c

  Log Message:
  -----------
  hw/block/nvme: fix ref counting in nvme_format_ns

Max noticed that since blk_aio_pwrite_zeroes() may invoke the callback
before returning, the callbacks will never see *count == 0 and thus
never free the count variable or decrement num_formats causing a CQE to
never be posted.

Coverity (CID 1451082) also picked up on the fact that count would not
be free'ed if the namespace was of zero size.

Fix both of these issues by explicitly checking *count and finalize for
the given namespace if --(*count) is zero. Enqueuing a CQE if there are
no AIOs outstanding after this case is already handled by nvme_format()
by inspecting *num_formats.

Reported-by: Max Reitz <mreitz@redhat.com>
Reported-by: Coverity (CID 1451082)
Fixes: dc04d25e2f3f ("hw/block/nvme: add support for the format nvm command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>


  Commit: 7993b0f83fe5c3f8555e79781d5d098f99751a94
      
https://github.com/qemu/qemu/commit/7993b0f83fe5c3f8555e79781d5d098f99751a94
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-03-29 (Mon, 29 Mar 2021)

  Changed paths:
    M hw/block/nvme-dif.c
    M hw/block/nvme.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-for-6.0-pull-request' into staging

emulated nvme fixes

# gpg: Signature made Mon 29 Mar 2021 18:03:30 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-fixes-for-6.0-pull-request:
  hw/block/nvme: fix ref counting in nvme_format_ns
  hw/block/nvme: fix resource leak in nvme_dif_rw

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/ec2e6e016d24...7993b0f83fe5
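
The reference-counting problem described in the nvme_format_ns log message above, as an added toy model in C. It is not QEMU code and not part of the original commits; `Op`, `submit`, `issue` and `scenario` are hypothetical names, and `submit` stands in for an AIO call that may invoke its callback before returning.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model, not QEMU code: every name here is hypothetical. */
typedef struct { int *count; int finalized; } Op;

static Op *pending[8];               /* completions deferred to a later "event loop" pass */
static int npending;

static void finalize(Op *op) { free(op->count); op->count = NULL; op->finalized++; }

/* Completion callback: drop one reference, finalize on the last one. */
static void complete_cb(Op *op) { if (--(*op->count) == 0) finalize(op); }

/* Stand-in for an AIO submit that may run the callback before it returns. */
static void submit(Op *op, bool sync) {
    if (sync) complete_cb(op); else pending[npending++] = op;
}

/* The issuer holds one reference of its own while it submits naio requests. */
static void issue(Op *op, int naio, bool sync, bool fixed) {
    op->count = malloc(sizeof(int));
    *op->count = 1;
    op->finalized = 0;
    for (int i = 0; i < naio; i++) {
        (*op->count)++;
        submit(op, sync);
    }
    if (!fixed) { (*op->count)--; return; }   /* flawed: result of the drop is ignored */
    if (--(*op->count) == 0) finalize(op);     /* fixed: issuer finalizes if it was last */
}

/* Returns how often the operation was finalized; a correct scheme gives exactly 1. */
int scenario(int naio, bool sync, bool fixed) {
    Op op;
    issue(&op, naio, sync, fixed);
    while (npending) complete_cb(pending[--npending]);
    int done = op.finalized;
    free(op.count);                  /* reclaim what the flawed variant leaked */
    return done;
}

int main(void) {
    printf("flawed, sync callbacks:  %d\n", scenario(3, true, false));
    printf("flawed, zero requests:   %d\n", scenario(0, false, false));
    printf("fixed,  sync callbacks:  %d\n", scenario(3, true, true));
    printf("fixed,  zero requests:   %d\n", scenario(0, false, true));
    return 0;
}
```

The flawed variant only finalizes when every callback is deferred and at least one request was submitted, which is why the defect is easy to miss in testing.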


