From a1c0f886496cfb4c336f8eb4155ed424567d653e Mon Sep 17 00:00:00 2001
From: Alex Williamson
Date: Thu, 23 Aug 2018 10:45:57 -0600
Subject: [PATCH 1/3] vfio/pci: Handle subsystem realpath() returning NULL

Fix error reported by Coverity where realpath can return NULL, resulting in a segfault in strcmp(). This should never happen given that we're working through regularly structured sysfs paths, but trivial enough to easily avoid.

Fixes: 238e91728503 ("vfio/ccw/pci: Allow devices to opt-in for ballooning")
Signed-off-by: Alex Williamson
---
 hw/vfio/pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 056f3a887a..866f0deeb7 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -2879,7 +2879,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
     tmp = g_strdup_printf("%s/subsystem", vdev->vbasedev.sysfsdev);
     subsys = realpath(tmp, NULL);
     g_free(tmp);
-    is_mdev = (strcmp(subsys, "/sys/bus/mdev") == 0);
+    is_mdev = subsys && (strcmp(subsys, "/sys/bus/mdev") == 0);
     free(subsys);
 
     trace_vfio_mdev(vdev->vbasedev.name, is_mdev);

From 8709b3954d4161bad30ccc435408ec50e10f53cc Mon Sep 17 00:00:00 2001
From: Alex Williamson
Date: Thu, 23 Aug 2018 10:45:58 -0600
Subject: [PATCH 2/3] vfio/pci: Fix failure to close file descriptor on error

A new error path fails to close the device file descriptor when triggered by a ballooning incompatibility within the group. Fix it.

Fixes: 238e91728503 ("vfio/ccw/pci: Allow devices to opt-in for ballooning")
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
---
 hw/vfio/common.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 3f31f80b12..7c185e5a2e 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -1432,6 +1432,7 @@ int vfio_get_device(VFIOGroup *group, const char *name,
         if (!QLIST_EMPTY(&group->device_list)) {
             error_setg(errp, "Inconsistent device balloon setting within group");
+            close(fd);
             return -1;
         }
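Review bot: A NULL return from realpath() is now folded silently into is_mdev == false, so the trace on the last line of the hunk can no longer distinguish a non-mdev device from a sysfs lookup that failed (a missing or unreadable path). Since the commit message says this path should be unreachable, it is worth making it visible when it does happen, e.g. `if (!subsys) { warn_report("%s: cannot resolve subsystem path", vdev->vbasedev.name); }` just before the is_mdev assignment, assuming qemu/error-report.h is already included in pci.c. If the errno value is wanted in that message it has to be captured immediately after realpath(), because g_free(tmp) runs before the check and may clobber it. vfio_realize continues outside the hunk on both sides.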
From 154304cd6e99e4222ed762976f9d9aca33c094d3 Mon Sep 17 00:00:00 2001
From: Alex Williamson
Date: Thu, 23 Aug 2018 10:45:58 -0600
Subject: [PATCH 3/3] postcopy: Synchronize usage of the balloon inhibitor

While the qemu_balloon_inhibit() interface appears rather general purpose, postcopy uses it in a last-caller-wins approach with no guarantee of balanced inhibits and de-inhibits. Wrap postcopy's usage of the inhibitor to give it one vote overall, using the same last-caller-wins approach as previously implemented at the balloon level.

Fixes: 01ccbec7bdf6 ("balloon: Allow multiple inhibit users")
Reported-by: Christian Borntraeger
Tested-by: Christian Borntraeger
Reviewed-by: Cornelia Huck
Reviewed-by: Juan Quintela
Signed-off-by: Alex Williamson
---
 migration/postcopy-ram.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 932f188949..c2e387ed44 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -509,6 +509,20 @@ int postcopy_ram_incoming_init(MigrationIncomingState *mis)
     return 0;
 }
 
+/*
+ * Manage a single vote to the QEMU balloon inhibitor for all postcopy usage,
+ * last caller wins.
+ */
+static void postcopy_balloon_inhibit(bool state)
+{
+    static bool cur_state = false;
+
+    if (state != cur_state) {
+        qemu_balloon_inhibit(state);
+        cur_state = state;
+    }
+}
+
 /*
  * At the end of a migration where postcopy_ram_incoming_init was called.
  */
@@ -539,7 +553,7 @@ int postcopy_ram_incoming_cleanup(MigrationIncomingState *mis)
         mis->have_fault_thread = false;
     }
 
-    qemu_balloon_inhibit(false);
+    postcopy_balloon_inhibit(false);
 
     if (enable_mlock) {
         if (os_mlock() < 0) {
@@ -1107,7 +1121,7 @@ int postcopy_ram_enable_notify(MigrationIncomingState *mis)
      * Ballooning can mark pages as absent while we're postcopying
      * that would cause false userfaults.
      */
-    qemu_balloon_inhibit(true);
+    postcopy_balloon_inhibit(true);
 
     trace_postcopy_ram_enable_notify();
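Review bot: postcopy_balloon_inhibit keeps its vote in a function-local static with no locking, so it is only correct if its two callers, postcopy_ram_enable_notify and postcopy_ram_incoming_cleanup (converted in the following two hunks), can never run concurrently; that is presumably true on the incoming migration path but is not stated anywhere. The comment above the function should record the assumption, e.g. ` * Not thread safe: callers are expected to be serialized on the incoming migration path.` It would also help to say in the same comment that the static deliberately collapses unbalanced calls into at most one outstanding inhibit, so a cleanup without a preceding enable_notify is a no-op rather than a spurious de-inhibit, since that is the behaviour the commit message relies on and the reason the static exists.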