Commit 9279ddf2eb for qemu.org
commit 9279ddf2eb34de9da54ab78868768fe37647f336
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: Fri Apr 24 19:04:53 2026 +0400
hw/pci-host/i440fx: handle NULL bus in pci-hole64 getters
When called on an unrealized i440FX host bridge (e.g. from
qmp_qom_list_properties), h->bus is NULL since the root bus is only
created during realize. Guard against this in both
pci_hole64_start and pci_hole64_end getters, reporting an error.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
diff --git a/hw/pci-host/i440fx.c b/hw/pci-host/i440fx.c
index e7d638b296..c1982f7962 100644
--- a/hw/pci-host/i440fx.c
+++ b/hw/pci-host/i440fx.c
@@ -189,8 +189,14 @@ static void i440fx_pcihost_get_pci_hole64_start(Object *obj, Visitor *v,
const char *name,
void *opaque, Error **errp)
{
- uint64_t hole64_start = i440fx_pcihost_get_pci_hole64_start_value(obj);
+ PCIHostState *h = PCI_HOST_BRIDGE(obj);
+ uint64_t hole64_start;
+ if (!h->bus) {
+ error_setg(errp, "PCI host bridge not realized");
+ return;
+ }
+ hole64_start = i440fx_pcihost_get_pci_hole64_start_value(obj);
visit_type_uint64(v, name, &hole64_start, errp);
}
@@ -206,10 +212,15 @@ static void i440fx_pcihost_get_pci_hole64_end(Object *obj, Visitor *v,
{
PCIHostState *h = PCI_HOST_BRIDGE(obj);
I440FXState *s = I440FX_PCI_HOST_BRIDGE(obj);
- uint64_t hole64_start = i440fx_pcihost_get_pci_hole64_start_value(obj);
+ uint64_t hole64_start;
Range w64;
uint64_t value, hole64_end;
+ if (!h->bus) {
+ error_setg(errp, "PCI host bridge not realized");
+ return;
+ }
+ hole64_start = i440fx_pcihost_get_pci_hole64_start_value(obj);
pci_bus_get_w64_range(h->bus, &w64);
value = range_is_empty(&w64) ? 0 : range_upb(&w64) + 1;
hole64_end = ROUND_UP(hole64_start + s->pci_hole64_size, 1ULL << 30);