On Tue, Apr 16, 2024 at 8:22 PM Peter Maydell <peter.mayd...@linaro.org> wrote: > > On Tue, 16 Apr 2024 at 12:50, Peter Maydell <peter.mayd...@linaro.org> wrote: > > > > On Tue, 16 Apr 2024 at 12:05, Cindy Lu <l...@redhat.com> wrote: > > > > > > On Tue, Apr 16, 2024 at 6:01 PM Peter Maydell <peter.mayd...@linaro.org> > > > wrote: > > > > Hi; Coverity points out what it thinks is a problem in > > > > this commit (CID 1543938): > > > > > Here we pass that through to kvm_virtio_pci_vector_use_one(). > > > > In kvm_virtio_pci_vector_use_one()'s error-exit path ("undo") > > > > it does > > > > vector = virtio_queue_vector(vdev, queue_no); > > > > and in virtio_queue_vector() it does: > > > > > > > > return n < VIRTIO_QUEUE_MAX ? vdev->vq[n].vector : > > > > VIRTIO_NO_VECTOR; > > > > > > > > where 'n' is an int, so if we can get here with queue_no being > > > > VIRTIO_CONFIG_IRQ_IDX then we'll index off the front of the > > > > vdev->vq[] array. > > > > > > > > Maybe this is a "can't happen" case, but it does seem odd that > > > > virtio_queue_vector() only bounds-checks the "too big" case > > > > for its argument and not the "too small" case and/or it > > > > doesn't have a special case for VIRTIO_CONFIG_IRQ_IDX. > > > > > > > > > + } > > > > > +} > > > > > + > > > > > > > hi peter > > > I think we can simply remove the part > > > vector = virtio_queue_vector(vdev, queue_no); > > > the vector is get from virtio_pci_get_notifier() and don't need to get it > > > again > > > I will send the fix soon > > > > The error handling in kvm_virtio_pci_vector_use_one() looks > > a bit odd in other ways, too. The only bit of "undoing" > > it does as far as I can see is calling kvm_virtio_pci_irqfd_release(), > > but there is no code path that gets to there where the > > main codepath's call to kvm_virtio-pci_irqfd_use() succeeded > > and needs to be undone. So perhaps the entire "undo" code > > block should be deleted, and the "goto undo" lines > > replaced by simple "return ret;" ? (The codepath > > for "kvm_virtio_pci_irqfd_use() failed" already does the > > "kvm_virtio_pci_vq_vector_release()" by hand there.) > > In any case since the error handling in kvm_virtio_pci_vector_use_one() > isn't new in this commit (you can get the same problem via > kvm_virtio_pci_vector_config_use(), which is CID 1468940 > first detected in 2022), I think this is not something we need > to rush to fix before we release 9.0. If anybody disagrees now > would be a good time to say so :-) > > Paolo's comment on CID 1468940 was to suggest "virtio_queue_vector > should check VIRTIO_CONFIG_IRQ_IDX just like virtio_pci_get_notifier", > incidentally. > Hi peter, Really sorry all these mess, but I still have a stuipid question, where can I get this CID result ?maybe there are a mailing list?I just wonder maybe I can fix these code earlier next time, Really thanks for your help
thanks cindy > thanks > -- PMM >