On Thu, Jan 8, 2026 at 11:41 PM Djordje Todorovic
<[email protected]> wrote:
>
> Add a new function so that platforms can change the reset vector at
> runtime.
>
> Signed-off-by: Chao-ying Fu <[email protected]>
> Signed-off-by: Djordje Todorovic <[email protected]>
> Reviewed-by: Daniel Henrique Barboza <[email protected]>
> Reviewed-by: Alistair Francis <[email protected]>
> ---
>  target/riscv/cpu.c | 16 ++++++++++++++++
>  target/riscv/cpu.h |  4 ++++
>  2 files changed, 20 insertions(+)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 8f26d8b8b0..39f2336a70 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -73,6 +73,22 @@ bool riscv_cpu_option_set(const char *optname)
>      return g_hash_table_contains(general_user_opts, optname);
>  }
>
> +#ifndef CONFIG_USER_ONLY
> +/* This is used in runtime only. */
> +void cpu_set_exception_base(int vp_index, target_ulong address)
> +{
> +    RISCVCPU *cpu;
> +    CPUState *cs = qemu_get_cpu(vp_index);
> +    if (cs == NULL) {
> +        qemu_log_mask(LOG_GUEST_ERROR,
> +                      "cpu_set_exception_base: invalid vp_index: %u",
> +                      vp_index);

We are missing a return here!

Coverity found the issue

*** CID 1644077:         Null pointer dereferences  (FORWARD_NULL)
/builds/qemu-project/qemu/target/riscv/cpu.c: 88             in
cpu_set_exception_base()
82         if (cs == NULL) {
83             qemu_log_mask(LOG_GUEST_ERROR,
84                           "cpu_set_exception_base: invalid vp_index: %u",
85                           vp_index);
86         }
87         cpu = RISCV_CPU(cs);
>>>     CID 1644077:         Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "cpu".
88         cpu->env.resetvec = address;
89     }
90     #endif
91
92     static void riscv_cpu_cfg_merge(RISCVCPUConfig *dest, const
RISCVCPUConfig *src)
93     {


Can you send a patch to fix this?

Alistair

> +    }
> +    cpu = RISCV_CPU(cs);
> +    cpu->env.resetvec = address;
> +}
> +#endif
> +
>  static void riscv_cpu_cfg_merge(RISCVCPUConfig *dest, const RISCVCPUConfig 
> *src)
>  {
>  #define BOOL_FIELD(x) dest->x |= src->x;
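Review bot: The `qemu_log_mask()` call in the `cs == NULL` branch prints `vp_index`, which is declared `int`, with `%u`, and the message has no trailing newline. A negative index is therefore logged as a large unsigned number, and the entry runs into whatever is logged next. This message is the only trace of a bad index, and `LOG_GUEST_ERROR` suggests the value can originate from the guest (worth confirming at the call sites, which are outside this hunk), so it should be exact: `"%s: invalid vp_index: %d\n", __func__, vp_index);`. The comment `/* This is used in runtime only. */` could state what the function does instead, e.g. `/* Set the reset vector of the CPU with index vp_index; called by platform code at runtime. */`.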
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 90b3e95105..decf1e69d9 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -674,6 +674,10 @@ G_NORETURN void riscv_raise_exception(CPURISCVState *env,
>  target_ulong riscv_cpu_get_fflags(CPURISCVState *env);
>  void riscv_cpu_set_fflags(CPURISCVState *env, target_ulong);
>
> +#ifndef CONFIG_USER_ONLY
> +void cpu_set_exception_base(int vp_index, target_ulong address);
> +#endif
> +
>  FIELD(TB_FLAGS, MEM_IDX, 0, 3)
>  FIELD(TB_FLAGS, FS, 3, 2)
>  /* Vector flags */
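Review bot: The new prototype `cpu_set_exception_base()` is exported without the `riscv_` prefix that the neighbouring declarations (`riscv_cpu_get_fflags`, `riscv_cpu_set_fflags`) carry, and without a comment stating its contract. A generic global name like this could clash with a same-named helper in another target if several targets are ever linked into one binary; that is an inference, not something visible in this hunk. A name such as `riscv_cpu_set_exception_base` would match the rest of the header. A short comment above the declaration should say that `vp_index` is a CPU index resolved with `qemu_get_cpu()` and what the function does when no such CPU exists, so callers passing guest-derived values know whether they must validate the index first.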
> --
> 2.34.1
