RE: [PATCH] hw/cxl/cxl-host: Fix guest crash when getting cxl-fmw property

[Xingtao Yao (Fujitsu)]

> -----Original Message-----
> From: qemu-devel-bounces+yaoxt.fnst=fujitsu.com@nongnu.org
> <qemu-devel-bounces+yaoxt.fnst=fujitsu.com@nongnu.org> On Behalf Of Zhao
> Liu
> Sent: Thursday, July 4, 2024 5:34 PM
> To: Jonathan Cameron <jonathan.cameron@huawei.com>; Fan Ni
> <fan.ni@samsung.com>
> Cc: qemu-devel@nongnu.org; qemu-stable@nongnu.org; Zhao Liu
> <zhao1.liu@intel.com>
> Subject: [PATCH] hw/cxl/cxl-host: Fix guest crash when getting cxl-fmw 
> property
> 
> From: Zhao Liu <zhao1.liu@intel.com>
> 
> Guest crashes (Segmentation fault) when getting cxl-fmw property via
> qmp:
> 
> (QEMU) qom-get path=machine property=cxl-fmw
> 
> This issue is caused by accessing wrong callback (opaque) type in
> machine_get_cfmw().
> 
> cxl_machine_init() sets the callback as `CXLState *` type but
> machine_get_cfmw() treats the callback as
> `CXLFixedMemoryWindowOptionsList **`.
> 
> Fix this error by casting opaque to `CXLState *` type in
> machine_get_cfmw().
> 
> Fixes: 03b39fcf64bc ("hw/cxl: Make the CXL fixed memory window setup a
> machine parameter.")
> Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
> ---
>  hw/cxl/cxl-host.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/cxl/cxl-host.c b/hw/cxl/cxl-host.c
> index c5f5fcfd64d0..e9f2543c43c6 100644
> --- a/hw/cxl/cxl-host.c
> +++ b/hw/cxl/cxl-host.c
> @@ -315,7 +315,8 @@ static void machine_set_cxl(Object *obj, Visitor *v, const
> char *name,
>  static void machine_get_cfmw(Object *obj, Visitor *v, const char *name,
>                               void *opaque, Error **errp)
>  {
> -    CXLFixedMemoryWindowOptionsList **list = opaque;
> +    CXLState *state = opaque;
> +    CXLFixedMemoryWindowOptionsList **list = &state->cfmw_list;
> 
>      visit_type_CXLFixedMemoryWindowOptionsList(v, name, list, errp);
>  }
> --
> 2.34.1
> 

Reviewed-by: Xingtao Yao <yaoxt.fnst@fujitsu.com>