[RFC/PATCH,v0,01/12] hw/arm/virt: Avoid NULL pointer de-reference

Message ID 20231011165234.1323725-2-quic_svaddagi@quicinc.com
State: New
Series: Gunyah hypervisor support

Commit Message

Srivatsa Vaddagiri Oct. 11, 2023, 4:52 p.m. UTC
Avoid dereferencing a NULL pointer that its_class_name() could return.

Signed-off-by: Srivatsa Vaddagiri <quic_svaddagi@quicinc.com>
---
 hw/arm/virt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Philippe Mathieu-Daudé Oct. 12, 2023, 4:30 a.m. UTC | #1
Hi Srivatsa,

(+Markus/Peter for QOM fu)

On 11/10/23 18:52, Srivatsa Vaddagiri wrote:
> Avoid dereferencing a NULL pointer that its_class_name() could return.

While your patch is correct, there is some code smell
around its_class_name(). IMHO a foo_class_name() handler
should never return NULL.

I'm trying to rework apic_get_class() similarly, see:
https://lore.kernel.org/qemu-devel/20231003082728.83496-1-philmd@linaro.org/

> Signed-off-by: Srivatsa Vaddagiri <quic_svaddagi@quicinc.com>
> ---
>   hw/arm/virt.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index a13c658bbf..b55d5c7282 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -661,7 +661,7 @@ static void create_its(VirtMachineState *vms)
>       const char *itsclass = its_class_name();
>       DeviceState *dev;
>   
> -    if (!strcmp(itsclass, "arm-gicv3-its")) {
> +    if (itsclass && !strcmp(itsclass, "arm-gicv3-its")) {
>           if (!vms->tcg_its) {
>               itsclass = NULL;
>           }
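Review bot: the added `itsclass &&` guard is consistent with the lines that follow, which already assign `itsclass = NULL` to mean "no ITS" when `vms->tcg_its` is clear, so the rest of create_its() must already tolerate a NULL class name past this point; a one-line comment above the strcmp stating that its_class_name() returns NULL when no ITS model is usable would make that contract visible to the next reader instead of leaving it implied by the guard.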
Markus Armbruster Oct. 12, 2023, 5:02 a.m. UTC | #2
Philippe Mathieu-Daudé <philmd@linaro.org> writes:

> Hi Srivatsa,
>
> (+Markus/Peter for QOM fu)

QOM fu needs Paolo; cc'ed.

I'm not sure how much this is about QOM, though.  Perhaps it's more
about good taste.

> On 11/10/23 18:52, Srivatsa Vaddagiri wrote:
>> Avoid dereferencing a NULL pointer that its_class_name() could return.
>
> While your patch is correct, there is some code smell
> around its_class_name(). IMHO a foo_class_name() handler
> should never return NULL.
>
> I'm trying to rework apic_get_class() similarly, see:
> https://lore.kernel.org/qemu-devel/20231003082728.83496-1-philmd@linaro.org/

In both cases, we have a function to find the device model to use with
current QEMU configuration and system state.  The fact that one of them
returns a class name and the other a class is detail.

Observe: this usable device model exists for any QEMU configuration.  It
may not be usable in certain system states, though.

Since the function deals with both, it can fail.

We can separate the two concerns: first map configuration to device
model (can't fail), then check the system state (can fail).

Feels like a matter of taste to me.  Does it result in simpler function
contracts and more readable code?  Can we do it the same way everywhere?
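As an added example (not QEMU code and not written by anyone in this thread), the split Markus describes: one step maps configuration to a device model and cannot fail, a second step checks whether that model is usable. The ItsConfig struct is a constructed stand-in for the kvm_irqchip_in_kernel(), kvm_direct_msi_enabled(), gunyah_enabled() predicates and vms->tcg_its that the real code consults.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the accelerator and machine state queried by QEMU. */
typedef struct {
    bool kvm_irqchip_in_kernel;  /* kvm_irqchip_in_kernel() */
    bool kvm_direct_msi;         /* kvm_direct_msi_enabled() */
    bool gunyah;                 /* gunyah_enabled() */
    bool tcg_its;                /* vms->tcg_its */
} ItsConfig;

/* Step 1: configuration -> device model. This never returns NULL, so callers
 * can pass the result straight to strcmp() or object_new() without a guard. */
static const char *its_model_name(const ItsConfig *c)
{
    if (c->kvm_irqchip_in_kernel) {
        return "arm-its-kvm";
    }
    return "arm-gicv3-its";      /* software-emulated model */
}

/* Step 2: is the chosen model usable in the current system state?
 * This is the only step allowed to fail. */
static bool its_model_available(const ItsConfig *c)
{
    if (c->kvm_irqchip_in_kernel) {
        return c->kvm_direct_msi; /* the KVM model requires this capability */
    }
    if (c->gunyah) {
        return false;             /* ITS not yet supported under Gunyah */
    }
    return c->tcg_its;            /* emulated ITS can be disabled per machine */
}

/* Caller logic equivalent to the create_its() prologue in the patch: returns the
 * class to instantiate, or NULL when ITS creation should be skipped. The NULL
 * now comes from an explicit availability decision, not from the name lookup. */
static const char *its_class_to_create(const ItsConfig *c)
{
    const char *name = its_model_name(c);
    return its_model_available(c) ? name : NULL;
}
```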
Srivatsa Vaddagiri Oct. 12, 2023, 12:24 p.m. UTC | #3
* Philippe Mathieu-Daudé <philmd@linaro.org> [2023-10-12 06:30:24]:

> Hi Srivatsa,
> 
> (+Markus/Peter for QOM fu)
> 
> On 11/10/23 18:52, Srivatsa Vaddagiri wrote:
> > Avoid dereferencing a NULL pointer that its_class_name() could return.
> 
> While your patch is correct, there is some code smell
> around its_class_name(). IMHO a foo_class_name() handler
> should never return NULL.

I saw its_class_name() returning NULL for KVM in some case and took the
same route for Gunyah (as ITS is not supported atm):

const char *its_class_name(void)
{
    if (kvm_irqchip_in_kernel()) {
        /* KVM implementation requires this capability */
        return kvm_direct_msi_enabled() ? "arm-its-kvm" : NULL;
    } else if (gunyah_enabled()) {
        /* ITS is not yet supported */
        return NULL;
    } else {
        /* Software emulation based model */
        return "arm-gicv3-its";
    }
}

I guess I could have its_class_name() return "arm-gicv3-its" (for Gunyah case)
and set vms->tcg_its to false, which will avoid the NULL-pointer deref I was
hitting.

I will drop this patch in next version in that case.

- vatsa
Patch

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a13c658bbf..b55d5c7282 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -661,7 +661,7 @@  static void create_its(VirtMachineState *vms)
     const char *itsclass = its_class_name();
     DeviceState *dev;
 
-    if (!strcmp(itsclass, "arm-gicv3-its")) {
+    if (itsclass && !strcmp(itsclass, "arm-gicv3-its")) {
         if (!vms->tcg_its) {
             itsclass = NULL;
         }
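Review bot: the commit message says only that its_class_name() "could return" NULL, but not under which configuration; the thread identifies KVM with the in-kernel irqchip but without direct MSI, and Gunyah, as the cases that produce it. Naming those cases in the message would let reviewers judge whether a guard at the call site or the fix in its_class_name() that Philippe suggests is the right place, and it would record why create_its() needs to tolerate a NULL from the lookup at all.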