When called on an unrealized Q35 host bridge (e.g. from qmp_qom_list_properties), h->bus is NULL since the root bus is only created during realize. Guard against this in both the pci_hole64_start and pci_hole64_end getters.
Signed-off-by: Marc-André Lureau <[email protected]> --- hw/pci-host/q35.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c index e85e4227b37..355e81bfa20 100644 --- a/hw/pci-host/q35.c +++ b/hw/pci-host/q35.c @@ -132,8 +132,14 @@ static void q35_host_get_pci_hole64_start(Object *obj, Visitor *v, const char *name, void *opaque, Error **errp) { - uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj); + PCIHostState *h = PCI_HOST_BRIDGE(obj); + uint64_t hole64_start; + if (!h->bus) { + error_setg(errp, "PCI host bridge not realized"); + return; + } + hole64_start = q35_host_get_pci_hole64_start_value(obj); visit_type_uint64(v, name, &hole64_start, errp); } @@ -149,10 +155,15 @@ static void q35_host_get_pci_hole64_end(Object *obj, Visitor *v, { PCIHostState *h = PCI_HOST_BRIDGE(obj); Q35PCIHost *s = Q35_HOST_DEVICE(obj); - uint64_t hole64_start = q35_host_get_pci_hole64_start_value(obj); + uint64_t hole64_start; Range w64; uint64_t value, hole64_end; + if (!h->bus) { + error_setg(errp, "PCI host bridge not realized"); + return; + } + hole64_start = q35_host_get_pci_hole64_start_value(obj); pci_bus_get_w64_range(h->bus, &w64); value = range_is_empty(&w64) ? 0 : range_upb(&w64) + 1; hole64_end = ROUND_UP(hole64_start + s->mch.pci_hole64_size, 1ULL << 30); -- 2.54.0
