From: David Gibson <david@gibson.dropbear.id.au>
To: qemu-ppc@nongnu.org, clg@kaod.org, qemu-devel@nongnu.org
Cc: "Jason Wang" <jasowang@redhat.com>,
"Riku Voipio" <riku.voipio@iki.fi>,
groug@kaod.org, "Laurent Vivier" <laurent@vivier.eu>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
philmd@redhat.com, "David Gibson" <david@gibson.dropbear.id.au>
Subject: [PATCH 16/20] spapr, xics, xive: Better use of assert()s on irq claim/free paths
Date: Wed, 25 Sep 2019 16:45:30 +1000 [thread overview]
Message-ID: <20190925064534.19155-17-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20190925064534.19155-1-david@gibson.dropbear.id.au>
The irq claim and free paths for both XICS and XIVE check for some
validity conditions. Some of these represent genuine runtime failures,
however others - particularly checking that the basic irq number is in a
sane range - could only fail in the case of bugs in the callin code.
Therefore use assert()s instead of runtime failures for those.
In addition the non backend-specific part of the claim/free paths should
only be used for PAPR external irqs, that is in the range SPAPR_XIRQ_BASE
to the maximum irq number. Put assert()s for that into the top level
dispatchers as well.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
hw/intc/spapr_xive.c | 8 ++------
hw/ppc/spapr_irq.c | 18 ++++++++++--------
2 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
index c1c97192a7..47b5ec0b56 100644
--- a/hw/intc/spapr_xive.c
+++ b/hw/intc/spapr_xive.c
@@ -532,9 +532,7 @@ bool spapr_xive_irq_claim(SpaprXive *xive, uint32_t lisn, bool lsi)
{
XiveSource *xsrc = &xive->source;
- if (lisn >= xive->nr_irqs) {
- return false;
- }
+ assert(lisn < xive->nr_irqs);
/*
* Set default values when allocating an IRQ number
@@ -559,9 +557,7 @@ bool spapr_xive_irq_claim(SpaprXive *xive, uint32_t lisn, bool lsi)
bool spapr_xive_irq_free(SpaprXive *xive, uint32_t lisn)
{
- if (lisn >= xive->nr_irqs) {
- return false;
- }
+ assert(lisn < xive->nr_irqs);
xive->eat[lisn].w &= cpu_to_be64(~EAS_VALID);
return true;
diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
index c40357a985..261d66ba17 100644
--- a/hw/ppc/spapr_irq.c
+++ b/hw/ppc/spapr_irq.c
@@ -118,11 +118,7 @@ static int spapr_irq_claim_xics(SpaprMachineState *spapr, int irq, bool lsi,
ICSState *ics = spapr->ics;
assert(ics);
-
- if (!ics_valid_irq(ics, irq)) {
- error_setg(errp, "IRQ %d is invalid", irq);
- return -1;
- }
+ assert(ics_valid_irq(ics, irq));
if (!ics_irq_free(ics, irq - ics->offset)) {
error_setg(errp, "IRQ %d is not free", irq);
@@ -138,9 +134,9 @@ static void spapr_irq_free_xics(SpaprMachineState *spapr, int irq)
ICSState *ics = spapr->ics;
uint32_t srcno = irq - ics->offset;
- if (ics_valid_irq(ics, irq)) {
- memset(&ics->irqs[srcno], 0, sizeof(ICSIRQState));
- }
+ assert(ics_valid_irq(ics, irq));
+
+ memset(&ics->irqs[srcno], 0, sizeof(ICSIRQState));
}
static void spapr_irq_print_info_xics(SpaprMachineState *spapr, Monitor *mon)
@@ -628,6 +624,9 @@ void spapr_irq_init(SpaprMachineState *spapr, Error **errp)
int spapr_irq_claim(SpaprMachineState *spapr, int irq, bool lsi, Error **errp)
{
+ assert(irq >= SPAPR_XIRQ_BASE);
+ assert(irq < (spapr->irq->nr_xirqs + SPAPR_XIRQ_BASE));
+
return spapr->irq->claim(spapr, irq, lsi, errp);
}
@@ -635,6 +634,9 @@ void spapr_irq_free(SpaprMachineState *spapr, int irq, int num)
{
int i;
+ assert(irq >= SPAPR_XIRQ_BASE);
+ assert((irq+num) <= (spapr->irq->nr_xirqs + SPAPR_XIRQ_BASE));
+
for (i = irq; i < (irq + num); i++) {
spapr->irq->free(spapr, irq);
}
--
2.21.0
next prev parent reply other threads:[~2019-09-25 7:17 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-25 6:45 [PATCH 00/20] spapr: IRQ subsystem cleanups David Gibson
2019-09-25 6:45 ` [PATCH 01/20] xics: Use incomplete type for XICSFabric David Gibson
2019-09-25 6:55 ` Cédric Le Goater
2019-09-25 7:48 ` Greg Kurz
2019-09-25 7:45 ` Greg Kurz
2019-09-25 6:45 ` [PATCH 02/20] xics: Eliminate 'reject', 'resend' and 'eoi' class hooks David Gibson
2019-09-25 6:45 ` [PATCH 03/20] xics: Rename misleading ics_simple_*() functions David Gibson
2019-09-25 6:45 ` [PATCH 04/20] xics: Eliminate reset hook David Gibson
2019-09-25 7:33 ` Cédric Le Goater
2019-09-25 7:59 ` Greg Kurz
2019-09-26 2:54 ` David Gibson
2019-09-25 6:45 ` [PATCH 05/20] xics: Merge TYPE_ICS_BASE and TYPE_ICS_SIMPLE classes David Gibson
2019-09-25 8:16 ` Greg Kurz
2019-09-25 8:31 ` Greg Kurz
2019-09-26 0:55 ` David Gibson
2019-09-26 0:52 ` David Gibson
2019-09-25 12:47 ` Cédric Le Goater
2019-09-25 6:45 ` [PATCH 06/20] xics: Create sPAPR specific ICS subtype David Gibson
2019-09-25 7:34 ` Cédric Le Goater
2019-09-25 8:40 ` Greg Kurz
2019-09-25 8:55 ` Cédric Le Goater
2019-09-25 9:07 ` Greg Kurz
2019-09-26 0:56 ` David Gibson
2019-09-26 7:09 ` Cédric Le Goater
2019-09-27 16:05 ` Greg Kurz
2019-09-30 8:45 ` David Gibson
2019-09-30 17:00 ` Greg Kurz
2019-10-01 1:45 ` David Gibson
2019-09-25 6:45 ` [PATCH 07/20] spapr: Fold spapr_phb_lsi_qirq() into its single caller David Gibson
2019-09-25 6:58 ` Cédric Le Goater
2019-09-25 8:56 ` Greg Kurz
2019-09-26 7:08 ` Philippe Mathieu-Daudé
2019-09-25 6:45 ` [PATCH 08/20] spapr: Replace spapr_vio_qirq() helper with spapr_vio_irq_pulse() helper David Gibson
2019-09-25 6:58 ` Cédric Le Goater
2019-09-25 8:57 ` Greg Kurz
2019-09-26 7:08 ` Philippe Mathieu-Daudé
2019-09-25 6:45 ` [PATCH 09/20] spapr: Clarify and fix handling of nr_irqs David Gibson
2019-09-25 7:05 ` Cédric Le Goater
2019-09-26 1:03 ` David Gibson
2019-09-26 7:02 ` Cédric Le Goater
2019-09-25 17:13 ` Greg Kurz
2019-09-25 6:45 ` [PATCH 10/20] spapr: Eliminate nr_irqs parameter to SpaprIrq::init David Gibson
2019-09-25 7:06 ` Cédric Le Goater
2019-09-25 17:16 ` Greg Kurz
2019-09-25 6:45 ` [PATCH 11/20] spapr: Fix indexing of XICS irqs David Gibson
2019-09-25 7:11 ` Cédric Le Goater
2019-09-25 20:17 ` Greg Kurz
2019-09-26 1:31 ` David Gibson
2019-09-26 7:21 ` Greg Kurz
2019-09-26 11:32 ` David Gibson
2019-09-26 14:44 ` Greg Kurz
2019-09-25 6:45 ` [PATCH 12/20] spapr: Simplify spapr_qirq() handling David Gibson
2019-09-25 7:16 ` Cédric Le Goater
2019-09-25 20:30 ` Greg Kurz
2019-09-26 7:10 ` Philippe Mathieu-Daudé
2019-09-25 6:45 ` [PATCH 13/20] spapr: Eliminate SpaprIrq:get_nodename method David Gibson
2019-09-25 7:19 ` Cédric Le Goater
2019-09-26 7:11 ` Philippe Mathieu-Daudé
2019-09-26 7:48 ` Greg Kurz
2019-09-26 11:36 ` David Gibson
2019-09-25 6:45 ` [PATCH 14/20] spapr: Remove unhelpful tracepoints from spapr_irq_free_xics() David Gibson
2019-09-25 7:20 ` Cédric Le Goater
2019-09-26 7:11 ` Philippe Mathieu-Daudé
2019-09-26 7:50 ` Greg Kurz
2019-09-25 6:45 ` [PATCH 15/20] spapr: Handle freeing of multiple irqs in frontend only David Gibson
2019-09-25 7:21 ` Cédric Le Goater
2019-09-26 7:52 ` Greg Kurz
2019-09-25 6:45 ` David Gibson [this message]
2019-09-25 7:22 ` [PATCH 16/20] spapr, xics, xive: Better use of assert()s on irq claim/free paths Cédric Le Goater
2019-09-26 8:08 ` Greg Kurz
2019-09-26 11:39 ` David Gibson
2019-09-25 6:45 ` [PATCH 17/20] spapr: Remove unused return value in claim path David Gibson
2019-09-25 7:23 ` Cédric Le Goater
2019-09-26 7:13 ` Philippe Mathieu-Daudé
2019-09-26 8:36 ` Greg Kurz
2019-09-27 1:47 ` David Gibson
2019-09-25 6:45 ` [PATCH 18/20] xive: Improve irq claim/free path David Gibson
2019-09-25 7:25 ` Cédric Le Goater
2019-09-26 1:05 ` David Gibson
2019-09-25 6:45 ` [PATCH 19/20] spapr: Use less cryptic representation of which irq backends are supported David Gibson
2019-09-25 7:28 ` Cédric Le Goater
2019-09-26 9:16 ` Greg Kurz
2019-09-25 6:45 ` [PATCH 20/20] spapr: Eliminate SpaprIrq::init hook David Gibson
2019-09-25 7:31 ` Cédric Le Goater
2019-09-26 1:13 ` David Gibson
2019-09-26 7:05 ` Cédric Le Goater
2019-09-26 11:29 ` David Gibson
2019-09-26 15:35 ` Greg Kurz
2019-09-27 5:51 ` David Gibson
2019-09-27 6:23 ` Greg Kurz
2019-09-26 15:39 ` Greg Kurz
2019-09-27 14:12 ` Greg Kurz
2019-09-29 9:34 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190925064534.19155-17-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=clg@kaod.org \
--cc=groug@kaod.org \
--cc=jasowang@redhat.com \
--cc=laurent@vivier.eu \
--cc=marcandre.lureau@redhat.com \
--cc=pbonzini@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=riku.voipio@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.