qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

amd_iommu: Fix amdvi_realize() error API violation

The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.

amdvi_realize() is wrong that way: it passes @errp to qdev_realize(),
object_property_get_int(), and msi_init() without checking it. I
can't tell offhand whether qdev_realize() can fail here. Fix by
checking it for failure. object_property_get_int() can't. Fix by
passing &error_abort instead.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200630090351.1247703-22-armbru@redhat.com>
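The Error ** rule the commit message states, worked through in an added C example that is not QEMU code and not part of this commit. The Error type, error_setg() and the callees step() and infallible_lookup() are hypothetical stand-ins for QEMU's qapi/error.h, qdev_realize()/msi_init() and object_property_get_int(); the one behaviour copied from QEMU is that error_setg() refuses to overwrite a non-NULL *errp (QEMU asserts there, this model counts the violation so the program keeps running). buggy_realize() forwards errp to every callee unchecked, fixed_realize() returns at the first failure and passes &error_abort where failure is impossible, which is the shape of the patch below.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of the Error ** convention, not QEMU's qapi/error.h. */
typedef struct Error { char msg[64]; } Error;

/* Sentinel: passing &error_abort tells a callee to abort instead of reporting. */
static Error *error_abort;

/* Counters stand in for the abort()/assert() QEMU would raise, so the run
 * completes and the outcome can be inspected. */
static int simulated_aborts;
static int convention_violations;
static char last_error_msg[64];

static void error_setg(Error **errp, const char *msg)
{
    if (errp == NULL) {
        return;                       /* caller does not want the error */
    }
    if (errp == &error_abort) {
        simulated_aborts++;           /* QEMU: abort() with the message */
        return;
    }
    if (*errp != NULL) {
        /* QEMU: assert(*errp == NULL) fires. This is the "passed twice
         * without clearing it in between" mistake from the commit message. */
        convention_violations++;
        return;
    }
    Error *err = calloc(1, sizeof(*err));
    snprintf(err->msg, sizeof(err->msg), "%s", msg);
    *errp = err;
}

/* Hypothetical fallible callee standing in for qdev_realize()/msi_init(). */
static bool step(const char *name, bool fail, Error **errp)
{
    if (fail) {
        char buf[64];
        snprintf(buf, sizeof(buf), "%s step failed", name);
        error_setg(errp, buf);
        return false;
    }
    return true;
}

/* Stands in for object_property_get_int(): takes an errp but cannot fail here. */
static int infallible_lookup(Error **errp) { (void)errp; return 42; }

/* The shape the commit fixes: errp forwarded to every callee, results ignored. */
static void buggy_realize(bool fail1, bool fail2, Error **errp)
{
    step("first", fail1, errp);       /* may leave *errp non-NULL ... */
    step("second", fail2, errp);      /* ... so this call violates the API */
    (void)infallible_lookup(errp);
}

/* The corrected shape: return at the first failure, &error_abort where
 * failure is impossible. */
static void fixed_realize(bool fail1, bool fail2, Error **errp)
{
    if (!step("first", fail1, errp)) {
        return;
    }
    if (!step("second", fail2, errp)) {
        return;
    }
    (void)infallible_lookup(&error_abort);
}

/* Run one realize function with a fresh NULL error; returns the number of
 * convention violations error_setg() saw and records the reported message. */
static int run_realize(void (*realize)(bool, bool, Error **), bool fail1, bool fail2)
{
    Error *err = NULL;                /* "a variable containing NULL" */
    convention_violations = 0;
    simulated_aborts = 0;
    realize(fail1, fail2, &err);
    snprintf(last_error_msg, sizeof(last_error_msg), "%s", err ? err->msg : "");
    free(err);
    return convention_violations;
}

int main(void)
{
    int v = run_realize(buggy_realize, true, true);
    printf("buggy: violations=%d, error=\"%s\"\n", v, last_error_msg);
    v = run_realize(fixed_realize, true, true);
    printf("fixed: violations=%d, error=\"%s\"\n", v, last_error_msg);
    return 0;
}
```

With both steps set to fail, the buggy variant records one violation because the second callee finds *errp already pointing at the first error; the fixed variant records none and the caller still receives the first error, which is the observable difference the patch is after.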

+4 -2
hw/i386/amd_iommu.c
··· 1549 1549 1550 1550 /* This device should take care of IOMMU PCI properties */ 1551 1551 x86_iommu->type = TYPE_AMD; 1552 - qdev_realize(DEVICE(&s->pci), &bus->qbus, errp); 1552 + if (!qdev_realize(DEVICE(&s->pci), &bus->qbus, errp)) { 1553 + return; 1554 + } 1553 1555 ret = pci_add_capability(&s->pci.dev, AMDVI_CAPAB_ID_SEC, 0, 1554 1556 AMDVI_CAPAB_SIZE, errp); 1555 1557 if (ret < 0) { ··· 1578 1580 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->mmio); 1579 1581 sysbus_mmio_map(SYS_BUS_DEVICE(s), 0, AMDVI_BASE_ADDR); 1580 1582 pci_setup_iommu(bus, amdvi_host_dma_iommu, s); 1581 - s->devid = object_property_get_int(OBJECT(&s->pci), "addr", errp); 1583 + s->devid = object_property_get_int(OBJECT(&s->pci), "addr", &error_abort); 1582 1584 msi_init(&s->pci.dev, 0, 1, true, false, errp); 1583 1585 amdvi_init(s); 1584 1586 }
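Review bot: the msi_init() call at the end of the second hunk still passes errp without checking whether it failed, although the commit message names msi_init() among the three callers that receive @errp unchecked; after this patch a failure there would leave amdvi_init(s) running on a device whose error has already been reported. Either check msi_init()'s result and return before amdvi_init(s), as the first hunk now does for qdev_realize(), or state in the message why msi_init() cannot fail here and why leaving it unchecked is acceptable.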