vfio-helpers: Fix qemu_vfio_open_pci() crash

qemu_vfio_open_common() initializes s->lock only after passing s to qemu_vfio_dma_map() via qemu_vfio_init_ramblock(). qemu_vfio_dma_map() tries to lock the uninitialized lock and crashes. Fix by initializing s->lock first. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1645840 Fixes: 418026ca Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20181127084143.1113-1-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

vfio-helpers: Fix qemu_vfio_open_pci() crash
qemu_vfio_open_common() initializes s->lock only after passing s to qemu_vfio_dma_map() via qemu_vfio_init_ramblock(). qemu_vfio_dma_map() tries to lock the uninitialized lock and crashes. Fix by initializing s->lock first. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1645840 Fixes: 418026ca Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20181127084143.1113-1-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
549b50a3 · Markus Armbruster · Peter Maydell · 59ed3fe8 · 549b50a3
Commit 549b50a3 authored 6 years ago by Markus Armbruster Committed by Peter Maydell 6 years ago
--- a/util/vfio-helpers.c
+++ b/util/vfio-helpers.c
@@ -411,13 +411,13 @@ static int qemu_vfio_init_ramblock(const char *block_name, void *host_addr,

 static void qemu_vfio_open_common(QEMUVFIOState *s)
 {
+    qemu_mutex_init(&s->lock);
    s->ram_notifier.ram_block_added = qemu_vfio_ram_block_added;
    s->ram_notifier.ram_block_removed = qemu_vfio_ram_block_removed;
    ram_block_notifier_add(&s->ram_notifier);
    s->low_water_mark = QEMU_VFIO_IOVA_MIN;
    s->high_water_mark = QEMU_VFIO_IOVA_MAX;
    qemu_ram_foreach_block(qemu_vfio_init_ramblock, s);
-    qemu_mutex_init(&s->lock);
 }

 /**