qemu-e2k/hw/vfio
Evgeny Yakovlev d964d3b5ab hw/vfio/pci: fix double free in vfio_msi_disable
The following guest behaviour patter leads to double free in VFIO PCI:

1. Guest enables MSI interrupts
vfio_msi_enable is called, but fails in vfio_enable_vectors.
In our case this was because VFIO GPU device was in D3 state.
Unhappy path in vfio_msi_enable will g_free(vdev->msi_vectors) but not
set this pointer to NULL

2. Guest still sees MSI an enabled after that because emulated config
write is done in vfio_pci_write_config unconditionally before calling
vfio_msi_enable

3. Guest disables MSI interrupts
vfio_msi_disable is called and tries to g_free(vdev->msi_vectors)
in vfio_msi_disable_common => double free

Signed-off-by: Evgeny Yakovlev <wrfsh@yandex-team.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2019-10-10 11:07:28 -06:00
..
amd-xgbe.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
ap.c Clean up inclusion of sysemu/sysemu.h 2019-08-16 13:31:53 +02:00
calxeda-xgmac.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
ccw.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
common.c memory: allow memory_region_register_iommu_notifier() to fail 2019-10-04 18:49:18 +02:00
display.c vfio/display: set dmabuf modifier field 2019-06-07 11:52:35 +02:00
Kconfig
Makefile.objs
pci-quirks.c memory: Access MemoryRegion with endianness 2019-09-03 08:30:39 -07:00
pci.c hw/vfio/pci: fix double free in vfio_msi_disable 2019-10-10 11:07:28 -06:00
pci.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
platform.c Clean up inclusion of sysemu/sysemu.h 2019-08-16 13:31:53 +02:00
spapr.c vfio: Turn the container error into an Error handle 2019-10-04 18:49:18 +02:00
trace-events