From 96ac9719331c0fd6e928b340f850b8cb617a3cea Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 20 Jul 2021 14:53:56 +0200 Subject: [PATCH] multi-process: Fix pci_proxy_dev_realize() error handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second call. pci_proxy_dev_realize() is wrong that way: it passes @errp to qio_channel_new_fd() without checking for failure. If it runs into another failure, it trips error_setv()'s assertion. Fix it to check for failure properly. Fixes: 9f8112073aad8e485ac012ee18809457ab7f23a6 Cc: Elena Ufimtseva Cc: Jagannathan Raman Cc: John G Johnson Cc: Stefan Hajnoczi Signed-off-by: Markus Armbruster Message-Id: <20210720125408.387910-5-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé Acked-by: Jagannathan Raman Acked-by: Michael S. Tsirkin
---
 hw/remote/proxy.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index 6dda705fc2..499f540c94 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -102,10 +102,18 @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
 }
 dev->ioc = qio_channel_new_fd(fd, errp);
+ if (!dev->ioc) {
+ close(fd);
+ return;
+ }
 error_setg(&dev->migration_blocker, "%s does not support migration", TYPE_PCI_PROXY_DEV);
- migrate_add_blocker(dev->migration_blocker, errp);
+ if (migrate_add_blocker(dev->migration_blocker, errp) < 0) {
+ error_free(dev->migration_blocker);
+ object_unref(dev->ioc);
+ return;
+ }
 qemu_mutex_init(&dev->io_mutex);
 qio_channel_set_blocking(dev->ioc, true, NULL);
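Review bot: The new `migrate_add_blocker()` failure path leaves `dev->migration_blocker` and `dev->ioc` holding stale pointers, since nothing in the hunk clears either field after `error_free()` and `object_unref()` release them. If any teardown or later code path (not visible here) reads those fields after a failed realize, it would be a use-after-free or double free. I would reset both before the `return`: `dev->migration_blocker = NULL;` and `dev->ioc = NULL;`. The body of `pci_proxy_dev_realize()` starts and ends outside the hunk, so whether such a path exists should be confirmed against the device's exit handler.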