qemu-devel

Re: [Qemu-devel] [PATCH for-2.0] cpu: do not use QOM casts in ENV_GET_CPU


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH for-2.0] cpu: do not use QOM casts in ENV_GET_CPU
Date: Wed, 26 Mar 2014 14:55:31 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

On 26/03/2014 14:42, Paolo Bonzini wrote:
> QOM casts are only typesafe inasmuch as we know that the argument is
> a QOM object.  If it is not, the accesses to fields in Object can
> access invalid memory and thus cause a segfault.
>
> Using a QOM cast in ENV_GET_CPU is useless and harmful.  Useless,
> because the cast is applied to the result of container_of, which is
> type safe.  So the QOM cast is nothing but typesafety theater.
> Harmful, because ENV_GET_CPU *is* used in hot paths especially
> now that, in 2.0, the movement of fields from CPU_COMMON to
> CPUState was completed.
>
> Reported-by: Laurent Desnogues <address@hidden>
> Cc: Andreas Faerber <address@hidden>
> Signed-off-by: Paolo Bonzini <address@hidden>

Andreas pointed out on IRC that this is just the tip of the iceberg, due to code like this:

static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
                             uint64_t value)
{
    ARMCPU *cpu = arm_env_get_cpu(env);   /* container_of(): type safe, no runtime check */

    if (arm_feature(env, ARM_FEATURE_LPAE)) {
        /* With LPAE the TTBCR could result in a change of ASID
         * via the TTBCR.A1 bit, so do a TLB flush.
         */
        tlb_flush(CPU(cpu), 1);   /* CPU(): a QOM cast, checked at runtime when cast debugging is on */
    }
    vmsa_ttbcr_raw_write(env, ri, value);
}

(from target-arm/helper.c). Given this, and the limited time to fix the problem in 2.0 where it got magnified, I think we should reconsider whether releases should have QOM cast debugging enabled.

Paolo
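The two points of the commit message, that container_of() is already type safe and that a checked QOM cast costs a runtime walk that only works on a real Object, shown in an added example. This is not QEMU code: the structs Object, CPUState, ARMCPU and CPUARMState, the TypeImpl chain, object_dynamic_cast(), CPU_checked() and arm_env_get_cpu() below are hypothetical stand-ins modelled on QEMU's names, and env_get_cpu_old()/env_get_cpu_new() stand for ENV_GET_CPU before and after the patch.

```c
/* Added example, not QEMU code: a reduced model of what a QOM cast such as
 * CPU(obj) costs compared with container_of().  Names are borrowed from
 * QEMU; every struct and helper here is a hypothetical stand-in. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* container_of() in QEMU's style: the typeof line makes a pointer of the
 * wrong type a compile-time error; the result is pointer arithmetic only. */
#define container_of(ptr, type, member) ({                          \
        const __typeof__(((type *) 0)->member) *__mptr = (ptr);     \
        (type *) ((char *) __mptr - offsetof(type, member)); })

typedef struct TypeImpl { const struct TypeImpl *parent; } TypeImpl;  /* NULL at root */
typedef struct { const TypeImpl *type; } Object;                     /* like Object.class */
typedef struct { Object parent_obj; int halted; } CPUState;
typedef struct { unsigned regs[16]; } CPUARMState;
typedef struct { CPUState parent_obj; CPUARMState env; } ARMCPU;

static const TypeImpl type_object  = { NULL };
static const TypeImpl type_cpu     = { &type_object };
static const TypeImpl type_arm_cpu = { &type_cpu };

static unsigned long cast_hops;   /* parent-chain hops spent in checked casts */

/* In the spirit of object_dynamic_cast(): read obj->type, then walk up the parent
 * chain.  That first read is why the argument must already be a real Object. */
static Object *object_dynamic_cast(Object *obj, const TypeImpl *target)
{
    for (const TypeImpl *t = obj->type; t != NULL; t = t->parent) {
        cast_hops++;
        if (t == target) return obj;
    }
    return NULL;
}

/* CPU(obj) with QOM cast debugging on: checked every call, fatal on mismatch. */
static CPUState *CPU_checked(void *obj)
{
    Object *o = object_dynamic_cast(obj, &type_cpu);
    if (o == NULL) abort();
    return (CPUState *) o;
}

/* Type safe by construction: checked by the compiler, free at runtime. */
static ARMCPU *arm_env_get_cpu(CPUARMState *env)
{
    return container_of(env, ARMCPU, env);
}

/* ENV_GET_CPU before the patch: a checked QOM cast stacked on container_of. */
static CPUState *env_get_cpu_old(CPUARMState *env)
{
    return CPU_checked(arm_env_get_cpu(env));
}

/* ENV_GET_CPU after the patch: container_of and a plain C cast. */
static CPUState *env_get_cpu_new(CPUARMState *env)
{
    return (CPUState *) arm_env_get_cpu(env);
}

/* Both variants resolve the same env to the same CPUState. */
static int demo_same_result(void)
{
    static ARMCPU cpu = { { { &type_arm_cpu }, 0 }, { { 0 } } };
    CPUState *a = env_get_cpu_old(&cpu.env);
    CPUState *b = env_get_cpu_new(&cpu.env);
    return a == b && a == &cpu.parent_obj;
}

/* Hit ENV_GET_CPU n times, as a hot-path helper would; return total hops. */
static unsigned long demo_hops(unsigned n, int checked)
{
    static ARMCPU cpu = { { { &type_arm_cpu }, 0 }, { { 0 } } };
    cast_hops = 0;
    for (unsigned i = 0; i < n; i++) {
        CPUState *cs = checked ? env_get_cpu_old(&cpu.env) : env_get_cpu_new(&cpu.env);
        cs->halted ^= 1;              /* use the result so nothing is elided */
    }
    return cast_hops;
}

/* The check can only answer by reading Object.type from its argument: a zeroed
 * block is rejected because that word is NULL; other memory would be dereferenced. */
static int demo_zeroed_block_accepted(void)
{
    static unsigned long zeroed[sizeof(ARMCPU) / sizeof(unsigned long) + 1];
    return object_dynamic_cast((Object *) zeroed, &type_cpu) != NULL;
}

int main(void)
{
    printf("same result: %d\n", demo_same_result());
    printf("hops, checked: %lu, unchecked: %lu\n",
           demo_hops(1000000, 1), demo_hops(1000000, 0));
    printf("zeroed block accepted as CPU: %d\n", demo_zeroed_block_accepted());
    return 0;
}
```

Build with gcc or clang, since the container_of macro uses a GNU statement expression as QEMU's does. In this model every checked ENV_GET_CPU costs two hops (arm-cpu, then cpu) on top of the pointer arithmetic, and the unchecked one costs none; the zero-filled block is rejected only because its first word happens to be NULL, which is exactly the dependence on the argument being a real Object that the commit message describes.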


