
virtio: fix NULL pointer dereference in virtqueue_notification #689

Open
masc2008 wants to merge 1 commit into OpenAMP:main from masc2008:fix/virtqueue-null-check

Conversation

@masc2008


Add a NULL check for the vq pointer before dereferencing it in virtqueue_notification(). Without this check, a NULL virtqueue pointer passed to the function would cause a crash when accessing vq->callback.

Add a NULL check for vq before dereferencing it in
virtqueue_notification() to prevent a crash when vq is NULL.

Signed-off-by: Shichun Ma <masc2008@gmail.com>
@masc2008 masc2008 force-pushed the fix/virtqueue-null-check branch from d44cc09 to 4e7587f on June 27, 2026 01:34
@arnopo arnopo requested review from arnopo, edmooring and tnmysh June 30, 2026 06:53
@arnopo arnopo added this to the Release V2026.10 milestone Jun 30, 2026
Comment thread lib/virtio/virtqueue.c
{
atomic_thread_fence(memory_order_seq_cst);
if (vq->callback)
if (vq && vq->callback)
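Review bot: the NULL guard in `if (vq && vq->callback)` is placed after `atomic_thread_fence(memory_order_seq_cst)`, so a NULL vq still pays for the full fence before it is rejected; move the argument check ahead of the fence, e.g. `if (!vq) return;` as the first statement, so the function validates its input before doing any work. As written the NULL case also returns silently, which hides a caller bug; an error-level log in that branch, as asked for in the thread, would make the misuse visible.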

Collaborator

To me this check seems overkill. Why should virtqueue_notification be called at all if the appropriate virtqueue was not retrieved in the first place? The caller of this function must ensure that vq is retrieved properly before calling this function.

Collaborator

Also, when vq is NULL, please add an error-level log that vq is not expected to be NULL.

@edmooring edmooring left a comment

Contributor

This looks okay to me.

I can see a case where it might be possible to call virtqueue_notification() on a virtqueue that has a vring that has not yet been created.

@tnmysh

tnmysh commented Jul 1, 2026

Collaborator

Okay, since @arnopo and @edmooring have acked, I am okay with this patch.

@arnopo

arnopo commented Jul 1, 2026

Collaborator

> Okay, since @arnopo and @edmooring have acked, I am okay with this patch.

@tnmysh: Because virtqueue_notification is an API, it is safer to add it, even if it seems excessive.
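As an added illustration of the point argued in the PR description and in arnopo's reply above (this is example code written for this page, not open-amp code, and none of the names below are open-amp identifiers): a trusting notification entry point beside a guarded one that rejects a NULL queue, logs at error level as tnmysh asked, and reports the misuse to its caller instead of dropping it silently. The struct vq_demo type, the vq_demo_notification_* functions, demo_log_error and the sample queues are all assumptions made for this example.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a virtqueue: only the fields the example needs.
 * Not an open-amp structure. */
struct vq_demo {
	const char *name;
	void (*callback)(struct vq_demo *vq);   /* NULL when no one listens */
	unsigned int fired;                     /* times callback has run */
};

/* Error-level log sink for the example; counts calls so callers can check it. */
static unsigned int demo_error_logs;

static void demo_log_error(const char *func, const char *msg)
{
	demo_error_logs++;
	fprintf(stderr, "error: %s: %s\n", func, msg);
}

/* "Before": the entry point trusts its caller. Passing NULL faults on vq->callback. */
void vq_demo_notification_unchecked(struct vq_demo *vq)
{
	atomic_thread_fence(memory_order_seq_cst);
	if (vq->callback)
		vq->callback(vq);
}

/* "After": validate the argument first, then fence and dispatch.
 * Returning -EINVAL and logging keeps a caller bug visible instead of
 * silently dropping the notification. */
int vq_demo_notification_checked(struct vq_demo *vq)
{
	if (!vq) {
		demo_log_error(__func__, "vq is NULL, caller bug");
		return -EINVAL;
	}
	atomic_thread_fence(memory_order_seq_cst);
	if (vq->callback)
		vq->callback(vq);
	return 0;
}

static void demo_callback(struct vq_demo *vq)
{
	vq->fired++;
}

/* Case 1: a queue with a registered callback is notified exactly once. */
int demo_notify_with_callback(void)
{
	struct vq_demo vq = { "rx", demo_callback, 0 };
	int rc = vq_demo_notification_checked(&vq);
	return rc == 0 && vq.fired == 1;
}

/* Case 2: a queue whose callback is NULL is a no-op, not an error. */
int demo_notify_without_callback(void)
{
	struct vq_demo vq = { "tx", NULL, 0 };
	int rc = vq_demo_notification_checked(&vq);
	return rc == 0 && vq.fired == 0;
}

/* Case 3: a NULL queue is rejected with -EINVAL and exactly one error log line. */
int demo_notify_null_queue(void)
{
	unsigned int before = demo_error_logs;
	int rc = vq_demo_notification_checked(NULL);
	return rc == -EINVAL && demo_error_logs == before + 1;
}

int main(void)
{
	struct vq_demo vq = { "rx", demo_callback, 0 };

	/* The unchecked form works for a valid queue; only a NULL queue breaks it. */
	vq_demo_notification_unchecked(&vq);
	printf("unchecked, valid queue: fired=%u\n", vq.fired);

	printf("with callback: %s\n", demo_notify_with_callback() ? "ok" : "FAIL");
	printf("without callback: %s\n", demo_notify_without_callback() ? "ok" : "FAIL");
	printf("NULL queue: %s\n", demo_notify_null_queue() ? "ok" : "FAIL");
	return 0;
}
```

Two choices in the guarded variant are deliberate and are the example's own, not the PR's: the NULL check comes before the fence so that an invalid argument does no work at all, and the function returns a status so the caller can see the misuse rather than only reading a log. The guard itself is the same one the PR adds; what the example adds on top is the error-level log the reviewers asked for.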



4 participants