On 22 June 2018 at 05:24, David Gibson <[email protected]> wrote:
> From: Cédric Le Goater <[email protected]>
>
> On Power9, the thread interrupt presenter has a different type and is
> linked to the chip owning the cores.
>
> Signed-off-by: Cédric Le Goater <[email protected]>
> Signed-off-by: David Gibson <[email protected]>
> ---
> hw/ppc/pnv.c | 21 +++++++++++++++++++--
> hw/ppc/pnv_core.c | 18 +++++++++---------
> include/hw/ppc/pnv.h | 1 +
> 3 files changed, 29 insertions(+), 11 deletions(-)

Hi; Coverity points out a bug (CID 1393617) in this patch
(which is commit d35aefa9ae150a):

> @@ -143,13 +144,12 @@ static void pnv_core_realize(DeviceState *dev, Error
> **errp)
> void *obj;
> int i, j;
> char name[32];
> - Object *xi;
> + Object *chip;
>
> - xi = object_property_get_link(OBJECT(dev), "xics", &local_err);
> - if (!xi) {
> - error_setg(errp, "%s: required link 'xics' not found: %s",
> - __func__, error_get_pretty(local_err));
> - return;
> + chip = object_property_get_link(OBJECT(dev), "chip", &local_err);
> + if (!chip) {
> + error_propagate(errp, local_err);
> + error_prepend(errp, "required link 'chip' not found: ");
> }
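
Review bot: the new `if (!chip)` branch reports the error but has no `return;`, whereas the removed `if (!xi)` branch ended with one. Add `return;` after the `error_prepend()` call so that pnv_core_realize() stops when the 'chip' link is missing instead of carrying on with a NULL `chip`.
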
We check for a NULL 'chip' pointer, but forget the 'return', so
execution will plough on through to the code below and eventually
dereference the NULL pointer and segfault.
thanks
-- PMM