On 5/7/26 15:16, Philippe Mathieu-Daudé wrote:
On 6/5/26 17:23, Cédric Le Goater wrote:
This check was originally introduced in commit b3ebc10c373e
("vfio-pci: Add debug config options to disable MSI/X KVM support") as
part of a debug block to retrieve the MSI/MSIX message, and was later
moved by commit 0de70dc7bab1 ("vfio/pci: Rename MSI/X functions for
easier tracing") into the main interrupt handling path, becoming
production code.
Under normal conditions, this code path cannot be reached because the
BQL serializes all handler registration, vdev->interrupt updates, and
handler removal. Replace abort() with g_assert_not_reached(), which is
preferred nowdays, and add a comment clarifying the purpose.
Cc: Alex Williamson <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
---
hw/vfio/pci.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index
09acd3f6082b0a9c5223780bf7e9847b57424cf7..7ca2ff4e7c1cb570cd60d35454b33b5506dae36e
100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -453,7 +453,12 @@ static void vfio_msi_interrupt(void *opaque)
get_msg = msi_get_message;
notify = msi_notify;
} else {
- abort();
+ /*
+ * Interrupt state transitions (MSI/MSI-X -> NONE/INTx) are
+ * protected by the BQL, and eventfd handlers are strictly
+ * unregistered before vdev->interrupt is modified.
+ */
+ g_assert_not_reached();
}
Could be more readable using switch(vdev->interrupt).
I agree. But let's have another patch for it if you don't mind.
This change is about the rational for the abort() and it was
reported to the security list.
Thanks,
C.
