From a32086de4919b9affb2ab2d0112d400eaf89f607 Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Thu, 30 Jun 2022 10:52:19 +0200
Subject: [PATCH 1/2] contrib/vhost-user-blk: Clean up deallocation of VuVirtqElement
We allocate VuVirtqElement with g_malloc() in virtqueue_alloc_element(), but free it with free() in vhost-user-blk.c. Harmless, but use g_free() anyway. One of the calls is guarded by a "not null" condition. Useless, because it cannot be null (it's dereferenced right before), and even it it could be, free() and g_free() do the right thing. Drop the conditional.
Fixes: Coverity CID 1490290
Signed-off-by: Markus Armbruster
Reviewed-by: Raphael Norwitz
Acked-by: Michael S. Tsirkin
Message-Id: <20220630085219.1305519-1-armbru@redhat.com>
Signed-off-by: Laurent Vivier
---
 contrib/vhost-user-blk/vhost-user-blk.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/contrib/vhost-user-blk/vhost-user-blk.c b/contrib/vhost-user-blk/vhost-user-blk.c
index 9cb78ca1d0..d6932a2645 100644
--- a/contrib/vhost-user-blk/vhost-user-blk.c
+++ b/contrib/vhost-user-blk/vhost-user-blk.c
@@ -106,10 +106,7 @@ static void vub_req_complete(VubReq *req)
 req->size + 1);
 vu_queue_notify(vu_dev, req->vq);
- if (req->elem) {
- free(req->elem);
- }
-
+ g_free(req->elem);
 g_free(req);
 }
@@ -243,7 +240,7 @@ static int vub_virtio_process_req(VubDev *vdev_blk,
 /* refer to hw/block/virtio_blk.c */
 if (elem->out_num < 1 || elem->in_num < 1) {
 fprintf(stderr, "virtio-blk request missing headers\n");
- free(elem);
+ g_free(elem);
 return -1;
 }
@@ -325,7 +322,7 @@ static int vub_virtio_process_req(VubDev *vdev_blk,
 return 0;
 err:
- free(elem);
+ g_free(elem);
 g_free(req);
 return -1;
 }
From 9390da5ef29a5e0f98e5b482dceeeb287c452f17 Mon Sep 17 00:00:00 2001
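Review bot: None of the three release sites in contrib/vhost-user-blk/vhost-user-blk.c records which allocator owns the element, so the free()/g_free() mismatch corrected here can come back with the next edit. Above `g_free(req->elem);` in vub_req_complete I would add `/* elem is g_malloc()ed by virtqueue_alloc_element(); release with g_free() */`, and the same note fits the early-return and `err:` paths of vub_virtio_process_req. Keeping allocation and release in one allocator family is what makes the pairing safe if GLib is ever built or configured so that g_malloc() is not a thin wrapper over malloc(). Both function bodies start outside their hunks, so where `elem` is obtained is taken from the commit message rather than from visible lines.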
From: Qiang Liu
Date: Mon, 8 Aug 2022 16:01:16 +0800
Subject: [PATCH 2/2] xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command
In xlnx_dp_aux_set_command, when the command leads to the default branch, xlxn-dp will abort and then crash. This patch removes this abort and drops this operation.
Fixes: 58ac482 ("introduce xlnx-dp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/411
Reported-by: Qiang Liu
Tested-by: Qiang Liu
Suggested-by: Thomas Huth
Signed-off-by: Qiang Liu
Reviewed-by: Thomas Huth
Reviewed-by: Frederic Konrad
Message-Id: <20220808080116.2184881-1-cyruscyliu@gmail.com>
Signed-off-by: Laurent Vivier
---
 hw/display/xlnx_dp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
index a071c81883..b0828d65aa 100644
--- a/hw/display/xlnx_dp.c
+++ b/hw/display/xlnx_dp.c
@@ -532,8 +532,8 @@ static void xlnx_dp_aux_set_command(XlnxDPState *s, uint32_t value)
 qemu_log_mask(LOG_UNIMP, "xlnx_dp: Write i2c status not implemented\n");
 break;
 default:
- error_report("%s: invalid command: %u", __func__, cmd);
- abort();
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid command: %u", __func__, cmd);
+ return;
 }
 s->core_registers[DP_INTERRUPT_SIGNAL_STATE] |= 0x04;
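Review bot: The new guest-error message in the `default:` branch of xlnx_dp_aux_set_command has no trailing newline, unlike the LOG_UNIMP message three lines above it in the same hunk. error_report() appended the newline itself and qemu_log_mask() does not, so this record will run into whatever is logged next; it should read `qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid command: %u\n", __func__, cmd);`. The early `return` also bypasses the `s->core_registers[DP_INTERRUPT_SIGNAL_STATE] |= 0x04;` update after the switch, which appears intended for a dropped command but is worth stating, for example `/* unsupported command: drop it, leave DP_INTERRUPT_SIGNAL_STATE untouched */`. The function body starts outside the hunk, so how `cmd` is derived from the guest-written `value` is not visible here.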