From f55cceac8c03e639711490f08996c32861591435 Mon Sep 17 00:00:00 2001 From: Zhao Liu Date: Thu, 29 Feb 2024 22:39:13 +0800 Subject: [PATCH] target/i386/sev: Fix missing ERRP_GUARD() for error_prepend() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As the comment in qapi/error, passing @errp to error_prepend() requires ERRP_GUARD(): * = Why, when and how to use ERRP_GUARD() = * * Without ERRP_GUARD(), use of the @errp parameter is restricted: ... * - It should not be passed to error_prepend(), error_vprepend() or * error_append_hint(), because that doesn't work with &error_fatal. * ERRP_GUARD() lifts these restrictions. * * To use ERRP_GUARD(), add it right at the beginning of the function. * @errp can then be used without worrying about the argument being * NULL or &error_fatal. ERRP_GUARD() could avoid the case when @errp is the pointer of error_fatal, the user can't see this additional information, because exit() happens in error_setg earlier than information is added [1]. The sev_inject_launch_secret() passes @errp to error_prepend(), and as an APIs defined in target/i386/sev.h, it is necessary to protect its @errp with ERRP_GUARD(). To avoid the issue like [1] said, add missing ERRP_GUARD() at the beginning of this function. [1]: Issue description in the commit message of commit ae7c80a7bd73 ("error: New macro ERRP_GUARD()"). Cc: Paolo Bonzini Cc: Marcelo Tosatti Signed-off-by: Zhao Liu Reviewed-by: Thomas Huth Message-ID: <20240229143914.1977550-17-zhao1.liu@linux.intel.com> Signed-off-by: Philippe Mathieu-Daudé --- target/i386/sev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 173de91afe..72930ff0dc 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1044,6 +1044,7 @@ sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) int sev_inject_launch_secret(const char *packet_hdr, const char *secret, uint64_t gpa, Error **errp) { + ERRP_GUARD(); struct kvm_sev_launch_secret input; g_autofree guchar *data = NULL, *hdr = NULL; int error, ret = 1;