> > HPET currently wraps num_timers in BqlCell<>. Although BqlCell<> is not
> > necessary from strictly speaking, it makes sense for vmstate to respect
> > BqlCell.
>
> Dropping BqlCell<> from num_timers is indeed possible.
Hi Paolo,
I would like to further discuss whether there's any safe issues.
num_timers is a property:
qemu_api::define_property!(
c"timers",
HPETState,
num_timers,
unsafe { &qdev_prop_uint8 },
u8,
default = HPET_MIN_TIMERS
),
Then this means someone could set this property in C side or Rust side
by:
DeviceState *hpet = qdev_new(TYPE_HPET);
qdev_prop_set_uint8(hpet, "timers", 8);
(Though we haven't provide safe interface at Rust side to set property.)
Whatever this happens at C side or Rust side, this depends on QOM core
code (in C) to overwrite the HPETState::num_timers directly.
Then after the call to qdev_prop_set_uint8() starts, all subsequent
processes happen on the C side, so even though the rewriting of num_timers
is runtime, there are no additional safety considerations because it
doesn't cross FFI boundaries. Am I understanding this correctly?
Thanks,
Zhao
