Message ID | 1458061009-7733-1-git-send-email-peter.maydell@linaro.org (mailing list archive) |
---|---|
State | New, archived |
The patch looks good.

Would it also be good to update bus_add_child() so that it NULL-checks
its "bus" parameter before dereferencing it?

-Tom

On 15 March 2016 at 10:56, Peter Maydell <peter.maydell@linaro.org> wrote:
> The SD card object is not a SysBusDevice, so don't create it with
> qdev_create() if we're not assigning it to a specific bus; use
> object_new() instead.
>
> This was causing 'info qtree' to segfault on boards with SD cards,
> because qdev_create(NULL, TYPE_FOO) puts the created object on the
> system bus, and then we may try to run functions like sysbus_dev_print()
> on it, which fail when casting the object to SysBusDevice.
>
> (This is the same mistake that we made with the NAND device
> and fixed in commit 6749695eaaf346c1.)
>
> Reported-by: hitmoon <zxq_yx_007@163.com>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I assume that using qdev_create() for non-SysBus devices is
> OK if we are passing in a specific bus pointer, because we do
> this already for various things including PCI devices. The
> various "properly QOMified" uses of TYPE_SD_CARD do that; only
> this sd_init() function for the legacy uses doesn't.
> ---
> hw/sd/sd.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c > index 00c320d..1568057 100644 > --- a/hw/sd/sd.c > +++ b/hw/sd/sd.c
> @@ -563,17 +563,19 @@ static const VMStateDescription sd_vmstate = { > /* Legacy initialization function for use by non-qdevified callers */ > SDState *sd_init(BlockBackend *blk, bool is_spi) > { > + Object *obj; > DeviceState *dev; > Error *err = NULL; > > - dev = qdev_create(NULL, TYPE_SD_CARD); > + obj = object_new(TYPE_SD_CARD); > + dev = DEVICE(obj); > qdev_prop_set_drive(dev, "drive", blk, &err); > if (err) { > error_report("sd_init failed: %s", error_get_pretty(err)); > return NULL; > } > qdev_prop_set_bit(dev, "spi", is_spi); > - object_property_set_bool(OBJECT(dev), true, "realized", &err); > + object_property_set_bool(obj, true, "realized", &err); > if (err) { > error_report("sd_init failed: %s", error_get_pretty(err)); > return NULL; > -- > 1.9.1 > >
On 15 March 2016 at 20:28, Thomas Hanson <thomas.hanson@linaro.org> wrote:
> The patch looks good.
>
> Would it also be good to update bus_add_child() so that it NULL-checks
> its "bus" parameter before dereferencing it?

No, I think it's just a programming error to call qdev_set_parent_bus()
with a NULL bus parameter, so crashing is fine.

(The problem fixed by this patch doesn't involve calling bus_add_child()
with a NULL pointer, in any case -- qdev_try_create() will handle a
NULL bus pointer as "use the default system bus", so by the time it
gets to bus_add_child() the bus pointer is never NULL. It's using the
default bus at all that causes things to go wrong much later on down
the line.)

thanks
-- PMM
On 15 March 2016 at 20:33, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 15 March 2016 at 20:28, Thomas Hanson <thomas.hanson@linaro.org> wrote:
>> The patch looks good.
>>
>> Would it also be good to update bus_add_child() so that it NULL-checks
>> its "bus" parameter before dereferencing it?
>
> No, I think it's just a programming error to call qdev_set_parent_bus()
> with a NULL bus parameter, so crashing is fine.

...but it might be helpful to assert in qdev_try_create() that
if we're using the default bus then the object is a sysbus
device object. At least then the problem will be immediately
clear rather than only showing up if you run a monitor command
later.

thanks
-- PMM
On 2016-03-16 00:56, Peter Maydell wrote:
> The SD card object is not a SysBusDevice, so don't create it with
> qdev_create() if we're not assigning it to a specific bus; use
> object_new() instead.
>
> This was causing 'info qtree' to segfault on boards with SD cards,
> because qdev_create(NULL, TYPE_FOO) puts the created object on the
> system bus, and then we may try to run functions like sysbus_dev_print()
> on it, which fail when casting the object to SysBusDevice.
>
> (This is the same mistake that we made with the NAND device
> and fixed in commit 6749695eaaf346c1.)
>
> Reported-by: hitmoon <zxq_yx_007@163.com>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I assume that using qdev_create() for non-SysBus devices is
> OK if we are passing in a specific bus pointer, because we do
> this already for various things including PCI devices. The
> various "properly QOMified" uses of TYPE_SD_CARD do that; only
> this sd_init() function for the legacy uses doesn't.
> ---
> hw/sd/sd.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c > index 00c320d..1568057 100644 > --- a/hw/sd/sd.c > +++ b/hw/sd/sd.c
> @@ -563,17 +563,19 @@ static const VMStateDescription sd_vmstate = { > /* Legacy initialization function for use by non-qdevified callers */ > SDState *sd_init(BlockBackend *blk, bool is_spi) > { > + Object *obj; > DeviceState *dev; > Error *err = NULL; > > - dev = qdev_create(NULL, TYPE_SD_CARD); > + obj = object_new(TYPE_SD_CARD); > + dev = DEVICE(obj); > qdev_prop_set_drive(dev, "drive", blk, &err); > if (err) { > error_report("sd_init failed: %s", error_get_pretty(err)); > return NULL; > } > qdev_prop_set_bit(dev, "spi", is_spi); > - object_property_set_bool(OBJECT(dev), true, "realized", &err); > + object_property_set_bool(obj, true, "realized", &err); > if (err) { > error_report("sd_init failed: %s", error_get_pretty(err)); > return NULL; Nice patch ! Reviewed-by: xiaoqiang.zhao <zxq_yx_007@163.com>
Sounds like a good idea. Much easier to fix a problem with an explicit
error than to chase a seg fault.

On 15 March 2016 at 14:41, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 15 March 2016 at 20:33, Peter Maydell <peter.maydell@linaro.org> wrote:
>> On 15 March 2016 at 20:28, Thomas Hanson <thomas.hanson@linaro.org> wrote:
>>> The patch looks good.
>>>
>>> Would it also be good to update bus_add_child() so that it NULL-checks
>>> its "bus" parameter before dereferencing it?
>>
>> No, I think it's just a programming error to call qdev_set_parent_bus()
>> with a NULL bus parameter, so crashing is fine.
>
> ...but it might be helpful to assert in qdev_try_create() that
> if we're using the default bus then the object is a sysbus
> device object. At least then the problem will be immediately
> clear rather than only showing up if you run a monitor command
> later.
>
> thanks
> -- PMM
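The fail-fast check suggested in the thread, as an added C example that is not part of the original messages and is not QEMU code: a toy type hierarchy in which every name (type_is_a, create_checked, bad_children, the types and buses) is hypothetical. It contrasts the legacy path, where an SD-card-like object created with no bus lands on the default bus and the mismatch only surfaces in a later bus walk, with a creation-time check that rejects it immediately.

```c
/* Toy model of the failure mode; every name is hypothetical, not QEMU's API. */
#include <stddef.h>
#include <stdio.h>

typedef struct Type { const char *name; const struct Type *parent; } Type;
typedef struct Bus { const char *name; } Bus;
typedef struct Dev { const Type *type; const Bus *bus; } Dev;

static const Type T_DEVICE = { "device", NULL };
static const Type T_SYSBUS = { "sys-bus-device", &T_DEVICE };
static const Type T_SD_CARD = { "sd-card", &T_DEVICE };
static const Bus MAIN_BUS = { "main-system-bus" }, SD_BUS = { "sd-bus" };

/* Checked downcast: walk the parent chain, 1 if `type` is-a `want`. */
static int type_is_a(const Type *type, const Type *want)
{
    for (; type; type = type->parent)
        if (type == want) return 1;
    return 0;
}
/* Legacy path: a NULL bus silently becomes the default system bus. */
static void create_unchecked(Dev *d, const Bus *bus, const Type *type)
{
    d->type = type;
    d->bus = bus ? bus : &MAIN_BUS;
}
/* Fail-fast path: reject at creation; -1 here where real code could assert. */
static int create_checked(Dev *d, const Bus *bus, const Type *type)
{
    if (!bus && !type_is_a(type, &T_SYSBUS))
        return -1;
    create_unchecked(d, bus, type);
    return 0;
}
/* Later walk that assumes each system-bus child is a sysbus device. */
static int bad_children(const Dev *devs, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += devs[i].bus == &MAIN_BUS && !type_is_a(devs[i].type, &T_SYSBUS);
    return bad;
}
/* Constructed scenario: an SD card created without a bus. */
static int late_failures(void) { Dev d; create_unchecked(&d, NULL, &T_SD_CARD); return bad_children(&d, 1); }
static int checked(const Bus *b, const Type *t) { Dev d; return create_checked(&d, b, t); }

int main(void)
{
    printf("late failures: %d, checked(no bus): %d, checked(sd bus): %d\n",
           late_failures(), checked(NULL, &T_SD_CARD), checked(&SD_BUS, &T_SD_CARD));
    return 0;
}
```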
diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 00c320d..1568057 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -563,17 +563,19 @@ static const VMStateDescription sd_vmstate = { /* Legacy initialization function for use by non-qdevified callers */ SDState *sd_init(BlockBackend *blk, bool is_spi) { + Object *obj; DeviceState *dev; Error *err = NULL; - dev = qdev_create(NULL, TYPE_SD_CARD); + obj = object_new(TYPE_SD_CARD); + dev = DEVICE(obj); qdev_prop_set_drive(dev, "drive", blk, &err); if (err) { error_report("sd_init failed: %s", error_get_pretty(err)); return NULL; } qdev_prop_set_bit(dev, "spi", is_spi); - object_property_set_bool(OBJECT(dev), true, "realized", &err); + object_property_set_bool(obj, true, "realized", &err); if (err) { error_report("sd_init failed: %s", error_get_pretty(err)); return NULL;
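Review bot: The first "return NULL" in sd_init(), taken when qdev_prop_set_drive() fails, exits without releasing the object that object_new(TYPE_SD_CARD) just returned, and no other pointer to it exists in the visible code at that point, so the object is leaked. Consider calling object_unref(obj) before that return. Both error paths also report err with error_report() and return without error_free(err); that is in the unchanged context lines, but since the patch touches both blocks it would be a good moment to free it there as well.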
The SD card object is not a SysBusDevice, so don't create it with
qdev_create() if we're not assigning it to a specific bus; use
object_new() instead.

This was causing 'info qtree' to segfault on boards with SD cards,
because qdev_create(NULL, TYPE_FOO) puts the created object on the
system bus, and then we may try to run functions like sysbus_dev_print()
on it, which fail when casting the object to SysBusDevice.

(This is the same mistake that we made with the NAND device
and fixed in commit 6749695eaaf346c1.)

Reported-by: hitmoon <zxq_yx_007@163.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---
I assume that using qdev_create() for non-SysBus devices is
OK if we are passing in a specific bus pointer, because we do
this already for various things including PCI devices. The
various "properly QOMified" uses of TYPE_SD_CARD do that; only
this sd_init() function for the legacy uses doesn't.

---
hw/sd/sd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)