From 81f66cfd24ccd2645b19366d768a72f20ea3838b Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Tue, 30 Jun 2020 11:03:44 +0200
Subject: [PATCH] mips/cps: Fix mips_cps_realize() error API violations
The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second call. mips_cps_realize() is wrong that way: it passes &err to multiple object_property_set_FOO() without checking for failure, and then to sysbus_realize(). Harmless, because the object_property_set_FOO() can't actually fail here. Fix by passing &error_abort instead.
Cc: Aleksandar Markovic
Cc: Aurelien Jarno
Cc: Aleksandar Rikalo
Signed-off-by: Markus Armbruster
Message-Id: <20200630090351.1247703-20-armbru@redhat.com>
---
 hw/mips/cps.c | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/hw/mips/cps.c b/hw/mips/cps.c
index 5382bc86f7..0d7f3cf673 100644
--- a/hw/mips/cps.c
+++ b/hw/mips/cps.c
@@ -100,10 +100,12 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
 /* Inter-Thread Communication Unit */
 if (itu_present) {
 object_initialize_child(OBJECT(dev), "itu", &s->itu, TYPE_MIPS_ITU);
- object_property_set_int(OBJECT(&s->itu), 16, "num-fifo", &err);
- object_property_set_int(OBJECT(&s->itu), 16, "num-semaphores", &err);
+ object_property_set_int(OBJECT(&s->itu), 16, "num-fifo",
+ &error_abort);
+ object_property_set_int(OBJECT(&s->itu), 16, "num-semaphores",
+ &error_abort);
 object_property_set_bool(OBJECT(&s->itu), saar_present, "saar-present",
- &err);
+ &error_abort);
 if (saar_present) {
 s->itu.saar = &env->CP0_SAAR;
 }
@@ -119,8 +121,10 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
 /* Cluster Power Controller */
 object_initialize_child(OBJECT(dev), "cpc", &s->cpc, TYPE_MIPS_CPC);
- object_property_set_int(OBJECT(&s->cpc), s->num_vp, "num-vp", &err);
- object_property_set_int(OBJECT(&s->cpc), 1, "vp-start-running", &err);
+ object_property_set_int(OBJECT(&s->cpc), s->num_vp, "num-vp",
+ &error_abort);
+ object_property_set_int(OBJECT(&s->cpc), 1, "vp-start-running",
+ &error_abort);
 sysbus_realize(SYS_BUS_DEVICE(&s->cpc), &err);
 if (err != NULL) {
 error_propagate(errp, err);
@@ -132,8 +136,10 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
 /* Global Interrupt Controller */
 object_initialize_child(OBJECT(dev), "gic", &s->gic, TYPE_MIPS_GIC);
- object_property_set_int(OBJECT(&s->gic), s->num_vp, "num-vp", &err);
- object_property_set_int(OBJECT(&s->gic), 128, "num-irq", &err);
+ object_property_set_int(OBJECT(&s->gic), s->num_vp, "num-vp",
+ &error_abort);
+ object_property_set_int(OBJECT(&s->gic), 128, "num-irq",
+ &error_abort);
 sysbus_realize(SYS_BUS_DEVICE(&s->gic), &err);
 if (err != NULL) {
 error_propagate(errp, err);
@@ -147,9 +153,12 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
 gcr_base = env->CP0_CMGCRBase << 4;
 object_initialize_child(OBJECT(dev), "gcr", &s->gcr, TYPE_MIPS_GCR);
- object_property_set_int(OBJECT(&s->gcr), s->num_vp, "num-vp", &err);
- object_property_set_int(OBJECT(&s->gcr), 0x800, "gcr-rev", &err);
- object_property_set_int(OBJECT(&s->gcr), gcr_base, "gcr-base", &err);
+ object_property_set_int(OBJECT(&s->gcr), s->num_vp, "num-vp",
+ &error_abort);
+ object_property_set_int(OBJECT(&s->gcr), 0x800, "gcr-rev",
+ &error_abort);
+ object_property_set_int(OBJECT(&s->gcr), gcr_base, "gcr-base",
+ &error_abort);
 object_property_set_link(OBJECT(&s->gcr), OBJECT(&s->gic.mr), "gic",
 &error_abort);
 object_property_set_link(OBJECT(&s->gcr), OBJECT(&s->cpc.mr), "cpc",
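Review bot: In the Cluster Power Controller block, `s->num_vp` is a runtime value rather than a literal, so with `&error_abort` any rejection by the child's "num-vp" setter now ends the process instead of failing realize through `errp`; the same applies to the "num-vp" calls for the gic and gcr children in the two following hunks. The commit message states that these setters cannot fail here, but neither the property types nor the place where `num_vp` is bounded is visible in this diff. A short comment above the calls would record that invariant, for example `/* Cannot fail: the child's "num-vp" accepts every value s->num_vp can hold */`, to be confirmed against the child property definitions. mips_cps_realize() starts and ends outside this hunk.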
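Review bot: The Global Interrupt Controller block still routes the `sysbus_realize()` failure through the local `err` and `error_propagate()`, which keeps a shared `Error *` variable alive across several calls in this function. If `sysbus_realize()` reports failure through its return value (its prototype is not shown here), `if (!sysbus_realize(SYS_BUS_DEVICE(&s->gic), errp)) {` would remove the local variable from this call; the cpc block in the previous hunk has the same shape. The body of the `if` continues outside the hunk, so the early return is assumed rather than visible.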
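Review bot: `gcr_base` is computed from `env->CP0_CMGCRBase << 4` and then passed to `object_property_set_int()` with `&error_abort`, so unlike the `0x800` literal next to it, its value depends on CPU state. Whether every result of that shift fits the integer type that the setter and the "gcr-base" property accept cannot be checked from this hunk, since the declaration of `gcr_base` and the property definition are outside it. A comment stating the width assumption, e.g. `/* gcr_base always fits "gcr-base": <reason> */`, or keeping a reported error for this one call, would make an abort here clearly a programming error rather than a configuration outcome.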