From: "Alex Bennée" <alex.bennee@linaro.org>
To: Aditya Gupta <adityag@linux.ibm.com>
Cc: Zexiang Zhang <chan9yan9@gmail.com>,
	 qemu-devel@nongnu.org,  Nicholas Piggin <npiggin@gmail.com>,
	 Harsh Prateek Bora <harshpb@linux.ibm.com>,
	"open list:sPAPR (pseries)" <qemu-ppc@nongnu.org>
Subject: Re: [PATCH] As reported in qemu-project/qemu#3324
Date: Sun, 29 Mar 2026 21:34:44 +0100
Message-ID: <87tstyxtln.fsf@draig.linaro.org>
In-Reply-To: <acjT4ENff_tcJQtz@li-3c92a0cc-27cf-11b2-a85c-b804d9ca68fa.ibm.com> (Aditya Gupta's message of "Sun, 29 Mar 2026 13:01:05 +0530")

Aditya Gupta <adityag@linux.ibm.com> writes:

> Hello Zexiang,
>
> On 26/03/26 11:27PM, Zexiang Zhang wrote:
>> From: kiki <Chan9Yan9@gmail.com>
>> 
>> A malformed IVE value can result in an invalid server field being
>> passed to icp_irq(). The function assumes the server id is valid and
>> may access invalid state otherwise, potentially leading to a crash.
>> 
>> Fix this by validating the server id before using it and ignoring
>> invalid values.
>> 
>> Reported-by: Zexiang Zhang <chan9yan9@gmail.com>
>> Signed-off-by: Zexiang Zhang <chan9yan9@gmail.com>
>
> About subject, can you change the subject to describe the fix, something
> like 'ppc/pnv: Fix Null Pointer Deref in PHB3', what do you say ?
>
> There's a build error:
>
> 	../hw/intc/xics.c: In function ‘icp_irq’:
> 	../hw/intc/xics.c:226:9: error: implicit declaration of function ‘qemu_log_mask’; did you mean ‘qemu_log’? [-Wimplicit-function-declaration]
> 	  226 |         qemu_log_mask(LOG_GUEST_ERROR, "XICS: invalid server %d for IRQ 0x%x\n",
> 	      |         ^~~~~~~~~~~~~
> 	      |         qemu_log
> 	../hw/intc/xics.c:226:9: error: nested extern declaration of ‘qemu_log_mask’ [-Werror=nested-externs]
> 	../hw/intc/xics.c:226:23: error: ‘LOG_GUEST_ERROR’ undeclared (first use in this function); did you mean ‘MOD_ESTERROR’?
> 	  226 |         qemu_log_mask(LOG_GUEST_ERROR, "XICS: invalid server %d for IRQ 0x%x\n",
> 	      |                       ^~~~~~~~~~~~~~~
> 	      |                       MOD_ESTERROR
> 	../hw/intc/xics.c:226:23: note: each undeclared identifier is reported only once for each function it appears in
> 	cc1: all warnings being treated as errors
>
> Add '#include "qemu/log.h"', maybe after the osdep.h include, to fix the
> above error.
>
> Also, I will recommend running 'make check-functional-ppc64 -j4' to test
> the patch before posting.
>
>> ---
>>  hw/intc/xics.c | 7 +++++++
>>  1 file changed, 7 insertions(+)
>> 
>> diff --git a/hw/intc/xics.c b/hw/intc/xics.c
>> index 1d40c4386d..25c7b0c8a5 100644
>> --- a/hw/intc/xics.c
>> +++ b/hw/intc/xics.c
>> @@ -222,6 +222,13 @@ void icp_irq(ICSState *ics, int server, int nr, uint8_t priority)
>>  
>>      trace_xics_icp_irq(server, nr, priority);
>>  
>> +    if (!icp) {
>> +        qemu_log_mask(LOG_GUEST_ERROR, "XICS: invalid server %d for IRQ 0x%x\n",
>> +                      server, nr);
>> +        ics_reject(ics, nr);
>> +        return;
>> +    }
>> +
>>      if ((priority >= CPPR(icp))
>>          || (XISR(icp) && (icp->pending_priority <= priority))) {
>>          ics_reject(ics, nr);
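
Review bot: The qemu_log_mask(LOG_GUEST_ERROR, ...) call in the new if (!icp) block has no matching header: the diffstat counts 7 insertions and all 7 are inside this hunk, so nothing in the patch adds #include "qemu/log.h" to hw/intc/xics.c. Add the include in v2. Separately, the guard only helps if the lookup that assigns icp (above the hunk, not visible here) returns NULL for an out-of-range server rather than indexing past the valid set, so the commit message should state that, since it describes the fix as "validating the server id" while the code tests the pointer. The "may access invalid state" wording could also name the first dereference that the check protects, which in this hunk is CPPR(icp) on the following line.
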
>
> The change looks good to me. Can you post a v2 with the subject and
> build fixed ?

The bug fix link can go in:

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3324

just above your sign off.

>
> Thanks,
> - Aditya G

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

