On Thu, Aug 14, 2025 at 02:08:08PM +0300, ger...@altlinux.org wrote:
> From: Denis Rastyogin <ger...@altlinux.org>
>
> Add a NULL check for proxy->vector_irqfd in
> virtio_pci_one_vector_unmask() before taking the irqfd path.
> This prevents potential access to uninitialized state if
> vector_irqfd is absent.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Reported-by: Alexey Appolonov <ale...@altlinux.org>
> Signed-off-by: Denis Rastyogin <ger...@altlinux.org>
I don't really understand what this description means. defensive against
what? found in what sense? what is the uninitialized state accessed?
when is the potential for this access?
> ---
> hw/virtio/virtio-pci.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index 767216d795..07904f6f9b 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1015,7 +1015,11 @@ static int virtio_pci_one_vector_unmask(VirtIOPCIProxy
> *proxy,
> event_notifier_set(n);
> }
> } else {
> - ret = kvm_virtio_pci_irqfd_use(proxy, n, vector);
> + if (proxy->vector_irqfd) {
> + ret = kvm_virtio_pci_irqfd_use(proxy, n, vector);
> + } else {
> + ret = -EFAULT;
> + }
> }
> return ret;
> }
> --
> 2.42.2
