On Sat, Mar 13, 2021 at 08:23:31AM +0100, Greg Kurz wrote:
> spapr_memory_unplug() is the last step of the hot unplug sequence.
> It is indirectly called by:
> 
>  spapr_lmb_release()
>   hotplug_handler_unplug()
> 
> and spapr_lmb_release() already buys us that DIMM unplug state is
> present : it gets restored with spapr_recover_pending_dimm_state()
> if missing.
> 
> g_assert() that spapr_pending_dimm_unplugs_find() cannot return NULL
> in spapr_memory_unplug() to make this clear and silence Coverity.
> 
> Fixes: Coverity CID 1450767
> Signed-off-by: Greg Kurz <groug@kaod.org>

Applied to ppc-for-6.0, thanks.

> ---
>  hw/ppc/spapr.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index d56418ca2942..73a06df3b1b1 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -3660,6 +3660,9 @@ static void spapr_memory_unplug(HotplugHandler *hotplug_dev, DeviceState *dev)
>      SpaprMachineState *spapr = SPAPR_MACHINE(hotplug_dev);
>      SpaprDimmState *ds = spapr_pending_dimm_unplugs_find(spapr, PC_DIMM(dev));
>  
> +    /* We really shouldn't get this far without anything to unplug */
> +    g_assert(ds);
> +
>      pc_dimm_unplug(PC_DIMM(dev), MACHINE(hotplug_dev));
>      qdev_unrealize(dev);
>      spapr_pending_dimm_unplugs_remove(spapr, ds);
> 
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson