On Mon, Jun 15, 2026 at 11:20 PM Qingwei Hu <[email protected]> wrote:
>
> The emulated IMSIC state arrays are only allocated when QEMU handles
> the interrupt controller state itself. With KVM AIA/APLIC-IMSIC, the
> interrupt controller state is owned by the KVM in-kernel irqchip, so
> these emulated state arrays are not allocated.
>
> The IMSIC reset handler still clears those arrays unconditionally. This
> makes qemu_system_reset(), which runs during machine creation,
> dereference NULL pointers with -machine virt,aia=aplic-imsic and KVM.
>
> Skip the emulated IMSIC reset path when the interrupt controller is
> handled by KVM. The emulated path is unchanged for TCG and for
> configurations that use QEMU emulation.
>
> Fixes: 766391483b ("hw/intc: riscv_imsic: Add reset API to IMSIC")
> Reviewed-by: Nutty Liu <[email protected]>
> Signed-off-by: Qingwei Hu <[email protected]>
Reviewed-by: Alistair Francis <[email protected]> Alistair > --- > hw/intc/riscv_imsic.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/hw/intc/riscv_imsic.c b/hw/intc/riscv_imsic.c > index ac59496c22..f1f23c3a3e 100644 > --- a/hw/intc/riscv_imsic.c > +++ b/hw/intc/riscv_imsic.c > @@ -347,6 +347,10 @@ static void riscv_imsic_reset_enter(Object *obj, > ResetType type) > RISCVIMSICState *imsic = RISCV_IMSIC(obj); > int i; > > + if (kvm_irqchip_in_kernel()) { > + return; > + } > + > memset(imsic->eidelivery, 0, sizeof(uint32_t) * imsic->num_pages); > memset(imsic->eithreshold, 0, sizeof(uint32_t) * imsic->num_pages); > > -- > 2.47.3 > >
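Review bot: the early `return` placed at the top of riscv_imsic_reset_enter() skips everything that follows in the handler, not only the two memset() calls visible in the hunk, so confirm that no later part of the reset path still needs to run when kvm_irqchip_in_kernel() is true. A one-line comment above the check saying that the eidelivery/eithreshold arrays are never allocated with the in-kernel irqchip would also help, since right now that rationale lives only in the commit message. The hunk calls kvm_irqchip_in_kernel() without adding an include, so check that hw/intc/riscv_imsic.c already pulls in the header that declares it.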
