From: Markus Armbruster <armbru@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: Thomas Huth <thuth@redhat.com>,
qemu-devel@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Wei Yang <richardw.yang@linux.intel.com>,
Xiao Guangrong <xiaoguangrong.eric@gmail.com>
Subject: Re: [Qemu-devel] [PATCH for-4.0] hw/i386/pc: Fix crash when hot-plugging nvdimm on older machine types
Date: Tue, 09 Apr 2019 07:57:39 +0200
Message-ID: <87imvniuuk.fsf@dusky.pond.sub.org>
In-Reply-To: <20190408222601.GR7238@habkost.net> (Eduardo Habkost's message of "Mon, 8 Apr 2019 19:26:01 -0300")

Eduardo Habkost <ehabkost@redhat.com> writes:
> On Mon, Apr 08, 2019 at 05:06:49PM +0200, Thomas Huth wrote:
>> On 08/04/2019 15.45, Wei Yang wrote:
> [...]
>> > diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>> > index 6077d27361..b11f3b15c1 100644
>> > --- a/hw/i386/pc.c
>> > +++ b/hw/i386/pc.c
>> > @@ -2091,6 +2091,9 @@ static void pc_memory_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
>> > }
>> >
>> > hotplug_handler_pre_plug(pcms->acpi_dev, dev, errp);
>> > + if (*errp) {
>> > + return;
>> > + }
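Review bot: the added `if (*errp)` check right after hotplug_handler_pre_plug() dereferences errp, which callers are allowed to pass as NULL, so the check itself can crash. Declare a local `Error *local_err = NULL;`, pass `&local_err` to hotplug_handler_pre_plug(), and on failure call `error_propagate(errp, local_err);` before returning.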
>>
>> Not sure, but I think you can not rely on the fact that the caller set
>> *errp = NULL already... that's why it is more common to use a local_err
>> variable and error_propagate() for such cases (which is what I did in my
>> patch).
>
> *errp can't be non-NULL (otherwise functions calling error_setg()
> would crash). errp can be NULL, though, and that's why you need
> a local_err variable.

Correct.  The big comment in error.h advises:

 * Receive an error and pass it on to the caller:
 *     Error *err = NULL;
 *     foo(arg, &err);
 *     if (err) {
 *         handle the error...
 *         error_propagate(errp, err);
 *     }
 * where Error **errp is a parameter, by convention the last one.
 *
 * Do *not* "optimize" this to
 *     foo(arg, errp);
 *     if (*errp) { // WRONG!
 *         handle the error...
 *     }
 * because errp may be NULL!
 *
 * But when all you do with the error is pass it on, please use
 *     foo(arg, errp);
 * for readability.

> I'd love to eliminate NULL errp from our codebase, but I couldn't
> find a way to do it that is safe and simple (i.e. not letting us
> pass NULL errp by mistake and not requiring a macro wrapping
> every `&local_err` expression).

Also, I'd prefer not to deviate even more from GError.

Apropos NULL, we often pass NULL where we really ought to pass
&error_abort.
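
Added example (not part of the original message and not QEMU code): a self-contained C program showing why the local_err pattern from the error.h comment is needed even once the NULL dereference is guarded. Error, error_setg() and error_propagate() are simplified stand-ins for QEMU's API, and pre_plug_stub(), pre_plug_checked() and pre_plug_guarded() are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins for QEMU's Error API (assumption, not QEMU's code). */
typedef struct Error { char msg[64]; } Error;

static void error_setg(Error **errp, const char *msg)
{
    if (!errp) return;                 /* caller passed NULL: error is dropped */
    *errp = calloc(1, sizeof(Error));
    if (!*errp) abort();
    strncpy((*errp)->msg, msg, sizeof((*errp)->msg) - 1);
}

static void error_propagate(Error **dst, Error *local)
{
    if (!local) return;
    if (dst && !*dst) *dst = local;    /* hand ownership to the caller */
    else free(local);                  /* nobody wants it */
}

/* Hypothetical callee standing in for hotplug_handler_pre_plug(). */
static void pre_plug_stub(int fail, Error **errp)
{
    if (fail) error_setg(errp, "pre-plug failed");
}

/* local_err pattern: failure is seen whatever errp is. Returns 1 to continue. */
static int pre_plug_checked(int fail, Error **errp)
{
    Error *local_err = NULL;
    pre_plug_stub(fail, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return 0;
    }
    return 1;
}

/* Guarding the dereference avoids the crash but misses failures if errp is NULL. */
static int pre_plug_guarded(int fail, Error **errp)
{
    pre_plug_stub(fail, errp);
    return !(errp && *errp);
}

int main(void)
{
    printf("errp=NULL, callee fails: checked continues=%d, guarded continues=%d\n",
           pre_plug_checked(1, NULL), pre_plug_guarded(1, NULL));
    return 0;
}
```
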