From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: patches@linaro.org, "Alex Bennée" <alex.bennee@linaro.org>,
"Peter Chubb" <peter.chubb@nicta.com.au>,
"Jean-Christophe DUBOIS" <jcd@tribudubois.net>
Subject: [Qemu-devel] [PATCH for-2.9] hw/misc/imx6_src: Don't crash trying to reset missing CPUs
Date: Fri, 3 Mar 2017 11:59:34 +0000 [thread overview]
Message-ID: <1488542374-1256-1-git-send-email-peter.maydell@linaro.org> (raw)
Commit 4881658a4b introduced a call to arm_get_cpu_by_id(),
and Coverity noticed that we weren't checking that it didn't
return NULL (CID 1371652).
Normally this won't happen (because all 4 CPUs are expected
to exist), but it's possible the user requested fewer CPUs
on the command line. Handle this possibility by silently
doing nothing, which is the same behaviour as before commit
4881658a4b and also how we handle the other CPU operations
(since we ignore the INVALID_PARAM returns from arm_set_cpu_on()
and friends).
There is a slight behavioural difference to the pre-4881658a4b
situation: the "reset this core" bit will remain set rather
than not being permitted to be set. The imx6 datasheet is
unclear about the behaviour in this odd corner case, so we
opt for the simpler code rather than complicated logic to
maintain identical behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
I couldn't actually get this to crash even with -smp 1 with
my test image, but we should fix it anyhow.
hw/misc/imx6_src.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
index edbb756..cfb0871 100644
--- a/hw/misc/imx6_src.c
+++ b/hw/misc/imx6_src.c
@@ -143,13 +143,17 @@ static void imx6_defer_clear_reset_bit(int cpuid,
unsigned long reset_shift)
{
struct SRCSCRResetInfo *ri;
+ CPUState *cpu = arm_get_cpu_by_id(cpuid);
+
+ if (!cpu) {
+ return;
+ }
ri = g_malloc(sizeof(struct SRCSCRResetInfo));
ri->s = s;
ri->reset_bit = reset_shift;
- async_run_on_cpu(arm_get_cpu_by_id(cpuid), imx6_clear_reset_bit,
- RUN_ON_CPU_HOST_PTR(ri));
+ async_run_on_cpu(cpu, imx6_clear_reset_bit, RUN_ON_CPU_HOST_PTR(ri));
}
--
2.7.4
next reply other threads:[~2017-03-03 11:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-03 11:59 Peter Maydell [this message]
2017-03-14 11:53 ` [Qemu-devel] [Qemu-arm] [PATCH for-2.9] hw/misc/imx6_src: Don't crash trying to reset missing CPUs Peter Maydell
2017-03-14 16:12 ` [Qemu-devel] " Alex Bennée
2017-03-14 16:52 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1488542374-1256-1-git-send-email-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=alex.bennee@linaro.org \
--cc=jcd@tribudubois.net \
--cc=patches@linaro.org \
--cc=peter.chubb@nicta.com.au \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).