Re: [RFC v2 13/15] vfio/iommufd: Implement the iommufd backend

2022-10-05 Thread Eric Auger
Hi Alistair,
On 10/4/22 08:47, Alistair Popple wrote:
> Yi Liu  writes:
>
> [...]
>
>> +static int vfio_get_devicefd(const char *sysfs_path, Error **errp)
>> +{
>> +long int ret = -ENOTTY;
>> +char *path, *vfio_dev_path = NULL, *vfio_path = NULL;
>> +DIR *dir;
>> +struct dirent *dent;
>> +gchar *contents;
>> +struct stat st;
>> +gsize length;
>> +int major, minor;
>> +dev_t vfio_devt;
>> +
>> +path = g_strdup_printf("%s/vfio-device", sysfs_path);
>> +if (stat(path, ) < 0) {
>> +error_setg_errno(errp, errno, "no such host device");
>> +goto out_free_path;
>> +}
>> +
>> +dir = opendir(path);
>> +if (!dir) {
>> +error_setg_errno(errp, errno, "couldn't open dirrectory %s", path);
>> +goto out_free_path;
>> +}
>> +
>> +while ((dent = readdir(dir))) {
>> +if (!strncmp(dent->d_name, "vfio", 4)) {
>> +vfio_dev_path = g_strdup_printf("%s/%s/dev", path, 
>> dent->d_name);
>> +break;
>> +}
>> +}
>> +
>> +if (!vfio_dev_path) {
>> +error_setg(errp, "failed to find vfio-device/vfioX/dev");
>> +goto out_free_path;
>> +}
>> +
>> +if (!g_file_get_contents(vfio_dev_path, , , NULL)) {
>> +error_setg(errp, "failed to load \"%s\"", vfio_dev_path);
>> +goto out_free_dev_path;
>> +}
>> +
>> +if (sscanf(contents, "%d:%d", , ) != 2) {
>> +error_setg(errp, "failed to get major:mino for \"%s\"", 
>> vfio_dev_path);
>> +goto out_free_dev_path;
>> +}
>> +g_free(contents);
>> +vfio_devt = makedev(major, minor);
>> +
>> +vfio_path = g_strdup_printf("/dev/vfio/devices/%s", dent->d_name);
>> +ret = open_cdev(vfio_path, vfio_devt);
>> +if (ret < 0) {
>> +error_setg(errp, "Failed to open %s", vfio_path);
>> +}
>> +
>> +trace_vfio_iommufd_get_devicefd(vfio_path, ret);
>> +g_free(vfio_path);
>> +
>> +out_free_dev_path:
>> +g_free(vfio_dev_path);
>> +out_free_path:
>> +g_free(path);
>> +
>> +if (*errp) {
>> +error_prepend(errp, VFIO_MSG_PREFIX, path);
> I ran into this while trying to get things running, so haven't reviewed
> the patch but noticed path is used after it's freed if !!*errp.

thank you for the bug report! We will fix that on the next iteration.

Eric
>
>  - Alistair
>
>> +}
>> +return ret;
>> +}
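Review bot: The directory stream returned by `opendir(path)` is never closed in vfio_get_devicefd, so every call that gets past the open leaks a file descriptor in the QEMU process, and the sscanf failure branch jumps to `out_free_dev_path` without freeing `contents`. Because `dent->d_name` is still read when `vfio_path` is built, the close has to sit on the shared exit path rather than right after the readdir loop: initialise `DIR *dir = NULL;`, add `if (dir) { closedir(dir); }` under `out_free_path:`, and put `g_free(contents);` before the `goto` in the sscanf branch. The trailing `if (*errp)` also dereferences `errp` directly, which faults when a caller passes NULL; adding `ERRP_GUARD();` at the top of the function would make that test safe. The identical hunk quoted in the 2022-10-04 message further down the page has the same issues.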




Re: [RFC v2 13/15] vfio/iommufd: Implement the iommufd backend

2022-10-04 Thread Alistair Popple


Yi Liu  writes:

[...]

> +static int vfio_get_devicefd(const char *sysfs_path, Error **errp)
> +{
> +long int ret = -ENOTTY;
> +char *path, *vfio_dev_path = NULL, *vfio_path = NULL;
> +DIR *dir;
> +struct dirent *dent;
> +gchar *contents;
> +struct stat st;
> +gsize length;
> +int major, minor;
> +dev_t vfio_devt;
> +
> +path = g_strdup_printf("%s/vfio-device", sysfs_path);
> +if (stat(path, ) < 0) {
> +error_setg_errno(errp, errno, "no such host device");
> +goto out_free_path;
> +}
> +
> +dir = opendir(path);
> +if (!dir) {
> +error_setg_errno(errp, errno, "couldn't open dirrectory %s", path);
> +goto out_free_path;
> +}
> +
> +while ((dent = readdir(dir))) {
> +if (!strncmp(dent->d_name, "vfio", 4)) {
> +vfio_dev_path = g_strdup_printf("%s/%s/dev", path, dent->d_name);
> +break;
> +}
> +}
> +
> +if (!vfio_dev_path) {
> +error_setg(errp, "failed to find vfio-device/vfioX/dev");
> +goto out_free_path;
> +}
> +
> +if (!g_file_get_contents(vfio_dev_path, , , NULL)) {
> +error_setg(errp, "failed to load \"%s\"", vfio_dev_path);
> +goto out_free_dev_path;
> +}
> +
> +if (sscanf(contents, "%d:%d", , ) != 2) {
> +error_setg(errp, "failed to get major:mino for \"%s\"", 
> vfio_dev_path);
> +goto out_free_dev_path;
> +}
> +g_free(contents);
> +vfio_devt = makedev(major, minor);
> +
> +vfio_path = g_strdup_printf("/dev/vfio/devices/%s", dent->d_name);
> +ret = open_cdev(vfio_path, vfio_devt);
> +if (ret < 0) {
> +error_setg(errp, "Failed to open %s", vfio_path);
> +}
> +
> +trace_vfio_iommufd_get_devicefd(vfio_path, ret);
> +g_free(vfio_path);
> +
> +out_free_dev_path:
> +g_free(vfio_dev_path);
> +out_free_path:
> +g_free(path);
> +
> +if (*errp) {
> +error_prepend(errp, VFIO_MSG_PREFIX, path);

I ran into this while trying to get things running, so haven't reviewed
the patch but noticed path is used after it's freed if !!*errp.

 - Alistair

> +}
> +return ret;
> +}