1. Patchew
  2. QEMU
  3. [Patch v9 0/6] core/loader: capture Error from load_image_targphys
  4. View patch

[Patch v9 3/6] core/loader: improve error handling in image loading functions

Vishal Chourasia posted 6 patches 3 days, 1 hour ago
Maintainers: Richard Henderson <richard.henderson@linaro.org>, Peter Maydell <peter.maydell@linaro.org>, Antony Pavlov <antonynpavlov@gmail.com>, Rob Herring <robh@kernel.org>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Alistair Francis <alistair@alistair23.me>, "Alex Bennée" <alex.bennee@linaro.org>, Helge Deller <deller@gmx.de>, "Michael S. Tsirkin" <mst@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Paolo Bonzini <pbonzini@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Corey Minyard <minyard@acm.org>, Song Gao <gaosong@loongson.cn>, Bibo Mao <maobibo@loongson.cn>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Thomas Huth <huth@tuxfamily.org>, Laurent Vivier <laurent@vivier.eu>, "Edgar E. Iglesias" <edgar.iglesias@gmail.com>, Paul Burton <paulburton@kernel.org>, Aleksandar Rikalo <arikalo@gmail.com>, Huacai Chen <chenhuacai@kernel.org>, "Hervé Poussineau" <hpoussin@reactos.org>, Aurelien Jarno <aurelien@aurel32.net>, Stafford Horne <shorne@gmail.com>, BALATON Zoltan <balaton@eik.bme.hu>, Bernhard Beschow <shentey@gmail.com>, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>, Nicholas Piggin <npiggin@gmail.com>, Aditya Gupta <adityag@linux.ibm.com>, Glenn Miles <milesg@linux.ibm.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Palmer Dabbelt <palmer@dabbelt.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <dbarboza@ventanamicro.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>, Yoshinori Sato <yoshinori.sato@nifty.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Jared Rossi <jrossi@linux.ibm.com>, Zhuoying Cai <zycai@linux.ibm.com>, David Hildenbrand <david@redhat.com>, Ilya Leoshkevich <iii@linux.ibm.com>, Halil Pasic <pasic@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>, Matthew Rosato <mjrosato@linux.ibm.com>, Magnus Damm <magnus.damm@gmail.com>, Igor Mammedov <imammedo@redhat.com>, Ani Sinha <anisinha@redhat.com>, "Clément Chigot" <chigot@adacore.com>, Frederic Konrad <konrad.frederic@yahoo.fr>, Artyom Tarasenko <atar4qemu@gmail.com>, Max Filippov <jcmvbkbc@gmail.com>, David Gibson <david@gibson.dropbear.id.au>
There is a newer version of this series
[Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Vishal Chourasia 3 days, 1 hour ago 
Add error checking for lseek() failure and provide better error
messages when image loading fails, including filenames and addresses.

Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
---
 hw/core/loader.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index 7aca4989ef..48dd4e7b33 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, Error **errp)
     if (fd < 0)
         return -1;
     size = lseek(fd, 0, SEEK_END);
+    if (size < 0) {
+        error_setg_errno(errp, errno, "lseek failure: %s", filename);
+        return -1;
+    }
     close(fd);
     return size;
 }
@@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char *filename,
                                hwaddr addr, uint64_t max_sz, AddressSpace *as,
                                Error **errp)
 {
+    ERRP_GUARD();
     ssize_t size;
 
     size = get_image_size(filename, errp);
-    if (size < 0 || size > max_sz) {
+    if (*errp) {
+        return -1;
+    }
+
+    if (size > max_sz) {
+        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 " MiB)",
+                   filename, max_sz / MiB);
         return -1;
     }
+
     if (size > 0) {
         if (rom_add_file_fixed_as(filename, addr, -1, as) < 0) {
+            error_setg(errp, "could not load '%s' at %" HWADDR_PRIx,
+                       filename, addr);
             return -1;
         }
     }
-- 
2.51.0
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by BALATON Zoltan 2 days, 23 hours ago 
On Fri, 24 Oct 2025, Vishal Chourasia wrote:
> Add error checking for lseek() failure and provide better error
> messages when image loading fails, including filenames and addresses.
>
> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
> ---
> hw/core/loader.c | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index 7aca4989ef..48dd4e7b33 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, Error **errp)
>     if (fd < 0)
>         return -1;
>     size = lseek(fd, 0, SEEK_END);
> +    if (size < 0) {
> +        error_setg_errno(errp, errno, "lseek failure: %s", filename);
> +        return -1;
> +    }
>     close(fd);
>     return size;
> }
> @@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char *filename,
>                                hwaddr addr, uint64_t max_sz, AddressSpace *as,
>                                Error **errp)
> {
> +    ERRP_GUARD();
>     ssize_t size;
>
>     size = get_image_size(filename, errp);
> -    if (size < 0 || size > max_sz) {
> +    if (*errp) {
> +        return -1;
> +    }
> +
> +    if (size > max_sz) {
> +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 " MiB)",
> +                   filename, max_sz / MiB);

MiB is arbitrary here. This function is used to load all kinds of images 
such as ROMs which may be 64k-2MB or even executables in generic loader 
that can be a few kilobytes. This might result in errors saying max size 
is 0 MiB if the allowed size is less than a MiB (e.g. amigaone PROM_SIZE = 
512 KiB) and integer division discards fractions. Do we have a function to 
pretty print sizes or maybe this should be left as bytes or at most 
kilobytes?

Regards,
BALATON Zoltan

>         return -1;
>     }
> +
>     if (size > 0) {
>         if (rom_add_file_fixed_as(filename, addr, -1, as) < 0) {
> +            error_setg(errp, "could not load '%s' at %" HWADDR_PRIx,
> +                       filename, addr);
>             return -1;
>         }
>     }
>
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Peter Maydell 2 days, 22 hours ago 
On Fri, 24 Oct 2025 at 12:25, BALATON Zoltan <balaton@eik.bme.hu> wrote:
>
> On Fri, 24 Oct 2025, Vishal Chourasia wrote:
> > Add error checking for lseek() failure and provide better error
> > messages when image loading fails, including filenames and addresses.
> >
> > Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>

> > +    if (size > max_sz) {
> > +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 " MiB)",
> > +                   filename, max_sz / MiB);
>
> MiB is arbitrary here. This function is used to load all kinds of images
> such as ROMs which may be 64k-2MB or even executables in generic loader
> that can be a few kilobytes. This might result in errors saying max size
> is 0 MiB if the allowed size is less than a MiB (e.g. amigaone PROM_SIZE =
> 512 KiB) and integer division discards fractions. Do we have a function to
> pretty print sizes or maybe this should be left as bytes or at most
> kilobytes?

Yes, we have size_to_str() for this purpose.

thanks
-- PMM
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Vishal Chourasia 2 days, 22 hours ago 
On 24/10/25 17:48, Peter Maydell wrote:
> On Fri, 24 Oct 2025 at 12:25, BALATON Zoltan <balaton@eik.bme.hu> wrote:
>> On Fri, 24 Oct 2025, Vishal Chourasia wrote:
>>> Add error checking for lseek() failure and provide better error
>>> messages when image loading fails, including filenames and addresses.
>>>
>>> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
>>> +    if (size > max_sz) {
>>> +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 " MiB)",
>>> +                   filename, max_sz / MiB);
>> MiB is arbitrary here. This function is used to load all kinds of images
>> such as ROMs which may be 64k-2MB or even executables in generic loader
>> that can be a few kilobytes. This might result in errors saying max size
>> is 0 MiB if the allowed size is less than a MiB (e.g. amigaone PROM_SIZE =
>> 512 KiB) and integer division discards fractions. Do we have a function to
>> pretty print sizes or maybe this should be left as bytes or at most
>> kilobytes?
> Yes, we have size_to_str() for this purpose.

Thanks Peter, I will add it in next version.

vishalc
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Vishal Chourasia 2 days, 23 hours ago 
Hi Balaton, Philippe

On 24/10/25 16:55, BALATON Zoltan wrote:
> On Fri, 24 Oct 2025, Vishal Chourasia wrote:
>> Add error checking for lseek() failure and provide better error
>> messages when image loading fails, including filenames and addresses.
>>
>> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
>> ---
>> hw/core/loader.c | 16 +++++++++++++++-
>> 1 file changed, 15 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/core/loader.c b/hw/core/loader.c
>> index 7aca4989ef..48dd4e7b33 100644
>> --- a/hw/core/loader.c
>> +++ b/hw/core/loader.c
>> @@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, Error 
>> **errp)
>>     if (fd < 0)
>>         return -1;
>>     size = lseek(fd, 0, SEEK_END);
>> +    if (size < 0) {
>> +        error_setg_errno(errp, errno, "lseek failure: %s", filename);
>> +        return -1;
>> +    }
>>     close(fd);
>>     return size;
>> }
>> @@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char 
>> *filename,
>>                                hwaddr addr, uint64_t max_sz, 
>> AddressSpace *as,
>>                                Error **errp)
>> {
>> +    ERRP_GUARD();
>>     ssize_t size;
>>
>>     size = get_image_size(filename, errp);
>> -    if (size < 0 || size > max_sz) {
>> +    if (*errp) {
>> +        return -1;
>> +    }
>> +
>> +    if (size > max_sz) {
>> +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 " 
>> MiB)",
>> +                   filename, max_sz / MiB);
>
> MiB is arbitrary here. This function is used to load all kinds of 
> images such as ROMs which may be 64k-2MB or even executables in 
> generic loader that can be a few kilobytes. This might result in 
> errors saying max size is 0 MiB if the allowed size is less than a MiB 
> (e.g. amigaone PROM_SIZE = 512 KiB) and integer division discards 
> fractions. Do we have a function to pretty print sizes or maybe this 
> should be left as bytes or at most kilobytes?
>
Yes, for images sizes less than a megabyte.
Perhaps we can leave it at Kilobytes

I will send out another version.
I will also address the *errp vs size<0 comment from Philippe.

Thanks,
vishalc

> Regards,
> BALATON Zoltan
>
>>         return -1;
>>     }
>> +
>>     if (size > 0) {
>>         if (rom_add_file_fixed_as(filename, addr, -1, as) < 0) {
>> +            error_setg(errp, "could not load '%s' at %" HWADDR_PRIx,
>> +                       filename, addr);
>>             return -1;
>>         }
>>     }
>>
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Philippe Mathieu-Daudé 2 days, 22 hours ago 
On 24/10/25 14:11, Vishal Chourasia wrote:
> Hi Balaton, Philippe
> 
> On 24/10/25 16:55, BALATON Zoltan wrote:
>> On Fri, 24 Oct 2025, Vishal Chourasia wrote:
>>> Add error checking for lseek() failure and provide better error
>>> messages when image loading fails, including filenames and addresses.
>>>
>>> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
>>> ---
>>> hw/core/loader.c | 16 +++++++++++++++-
>>> 1 file changed, 15 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/hw/core/loader.c b/hw/core/loader.c
>>> index 7aca4989ef..48dd4e7b33 100644
>>> --- a/hw/core/loader.c
>>> +++ b/hw/core/loader.c
>>> @@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, Error 
>>> **errp)
>>>     if (fd < 0)
>>>         return -1;
>>>     size = lseek(fd, 0, SEEK_END);
>>> +    if (size < 0) {
>>> +        error_setg_errno(errp, errno, "lseek failure: %s", filename);
>>> +        return -1;
>>> +    }
>>>     close(fd);
>>>     return size;
>>> }
>>> @@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char 
>>> *filename,
>>>                                hwaddr addr, uint64_t max_sz, 
>>> AddressSpace *as,
>>>                                Error **errp)
>>> {
>>> +    ERRP_GUARD();
>>>     ssize_t size;
>>>
>>>     size = get_image_size(filename, errp);
>>> -    if (size < 0 || size > max_sz) {
>>> +    if (*errp) {
>>> +        return -1;
>>> +    }
>>> +
>>> +    if (size > max_sz) {
>>> +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 " 
>>> MiB)",
>>> +                   filename, max_sz / MiB);
>>
>> MiB is arbitrary here. This function is used to load all kinds of 
>> images such as ROMs which may be 64k-2MB or even executables in 
>> generic loader that can be a few kilobytes. This might result in 
>> errors saying max size is 0 MiB if the allowed size is less than a MiB 
>> (e.g. amigaone PROM_SIZE = 512 KiB) and integer division discards 
>> fractions. Do we have a function to pretty print sizes or maybe this 
>> should be left as bytes or at most kilobytes?
>>
> Yes, for images sizes less than a megabyte.
> Perhaps we can leave it at Kilobytes
> 
> I will send out another version.

If so, then please use qemu_strtosz().

> I will also address the *errp vs size<0 comment from Philippe.
> 
> Thanks,
> vishalc
> 
>> Regards,
>> BALATON Zoltan
>>
>>>         return -1;
>>>     }
>>> +
>>>     if (size > 0) {
>>>         if (rom_add_file_fixed_as(filename, addr, -1, as) < 0) {
>>> +            error_setg(errp, "could not load '%s' at %" HWADDR_PRIx,
>>> +                       filename, addr);
>>>             return -1;
>>>         }
>>>     }
>>>
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Vishal Chourasia 2 days, 22 hours ago 
Hi Philippe,

On 24/10/25 18:17, Philippe Mathieu-Daudé wrote:
> On 24/10/25 14:11, Vishal Chourasia wrote:
>> Hi Balaton, Philippe
>>
>> On 24/10/25 16:55, BALATON Zoltan wrote:
>>> On Fri, 24 Oct 2025, Vishal Chourasia wrote:
>>>> Add error checking for lseek() failure and provide better error
>>>> messages when image loading fails, including filenames and addresses.
>>>>
>>>> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
>>>> ---
>>>> hw/core/loader.c | 16 +++++++++++++++-
>>>> 1 file changed, 15 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/hw/core/loader.c b/hw/core/loader.c
>>>> index 7aca4989ef..48dd4e7b33 100644
>>>> --- a/hw/core/loader.c
>>>> +++ b/hw/core/loader.c
>>>> @@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, 
>>>> Error **errp)
>>>>     if (fd < 0)
>>>>         return -1;
>>>>     size = lseek(fd, 0, SEEK_END);
>>>> +    if (size < 0) {
>>>> +        error_setg_errno(errp, errno, "lseek failure: %s", filename);
>>>> +        return -1;
>>>> +    }
>>>>     close(fd);
>>>>     return size;
>>>> }
>>>> @@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char 
>>>> *filename,
>>>>                                hwaddr addr, uint64_t max_sz, 
>>>> AddressSpace *as,
>>>>                                Error **errp)
>>>> {
>>>> +    ERRP_GUARD();
>>>>     ssize_t size;
>>>>
>>>>     size = get_image_size(filename, errp);
>>>> -    if (size < 0 || size > max_sz) {
>>>> +    if (*errp) {
>>>> +        return -1;
>>>> +    }
>>>> +
>>>> +    if (size > max_sz) {
>>>> +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 
>>>> " MiB)",
>>>> +                   filename, max_sz / MiB);
>>>
>>> MiB is arbitrary here. This function is used to load all kinds of 
>>> images such as ROMs which may be 64k-2MB or even executables in 
>>> generic loader that can be a few kilobytes. This might result in 
>>> errors saying max size is 0 MiB if the allowed size is less than a 
>>> MiB (e.g. amigaone PROM_SIZE = 512 KiB) and integer division 
>>> discards fractions. Do we have a function to pretty print sizes or 
>>> maybe this should be left as bytes or at most kilobytes?
>>>
>> Yes, for images sizes less than a megabyte.
>> Perhaps we can leave it at Kilobytes
>>
>> I will send out another version.
>
> If so, then please use qemu_strtosz().

There is another function size_to_str() suggested by Peter I was 
planning to use it, as it was doing the expected job.

It seems qemu_strtosz() converts size strings to bytes.

Thanks, vishalc

>
>> I will also address the *errp vs size<0 comment from Philippe.
>>
>> Thanks,
>> vishalc
>>
>>> Regards,
>>> BALATON Zoltan
>>>
>>>>         return -1;
>>>>     }
>>>> +
>>>>     if (size > 0) {
>>>>         if (rom_add_file_fixed_as(filename, addr, -1, as) < 0) {
>>>> +            error_setg(errp, "could not load '%s' at %" HWADDR_PRIx,
>>>> +                       filename, addr);
>>>>             return -1;
>>>>         }
>>>>     }
>>>>
>
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Philippe Mathieu-Daudé 2 days, 21 hours ago 
On 24/10/25 14:58, Vishal Chourasia wrote:
> Hi Philippe,
> 
> On 24/10/25 18:17, Philippe Mathieu-Daudé wrote:
>> On 24/10/25 14:11, Vishal Chourasia wrote:
>>> Hi Balaton, Philippe
>>>
>>> On 24/10/25 16:55, BALATON Zoltan wrote:
>>>> On Fri, 24 Oct 2025, Vishal Chourasia wrote:
>>>>> Add error checking for lseek() failure and provide better error
>>>>> messages when image loading fails, including filenames and addresses.
>>>>>
>>>>> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
>>>>> ---
>>>>> hw/core/loader.c | 16 +++++++++++++++-
>>>>> 1 file changed, 15 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/hw/core/loader.c b/hw/core/loader.c
>>>>> index 7aca4989ef..48dd4e7b33 100644
>>>>> --- a/hw/core/loader.c
>>>>> +++ b/hw/core/loader.c
>>>>> @@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, 
>>>>> Error **errp)
>>>>>     if (fd < 0)
>>>>>         return -1;
>>>>>     size = lseek(fd, 0, SEEK_END);
>>>>> +    if (size < 0) {
>>>>> +        error_setg_errno(errp, errno, "lseek failure: %s", filename);
>>>>> +        return -1;
>>>>> +    }
>>>>>     close(fd);
>>>>>     return size;
>>>>> }
>>>>> @@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char 
>>>>> *filename,
>>>>>                                hwaddr addr, uint64_t max_sz, 
>>>>> AddressSpace *as,
>>>>>                                Error **errp)
>>>>> {
>>>>> +    ERRP_GUARD();
>>>>>     ssize_t size;
>>>>>
>>>>>     size = get_image_size(filename, errp);
>>>>> -    if (size < 0 || size > max_sz) {
>>>>> +    if (*errp) {
>>>>> +        return -1;
>>>>> +    }
>>>>> +
>>>>> +    if (size > max_sz) {
>>>>> +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 
>>>>> " MiB)",
>>>>> +                   filename, max_sz / MiB);
>>>>
>>>> MiB is arbitrary here. This function is used to load all kinds of 
>>>> images such as ROMs which may be 64k-2MB or even executables in 
>>>> generic loader that can be a few kilobytes. This might result in 
>>>> errors saying max size is 0 MiB if the allowed size is less than a 
>>>> MiB (e.g. amigaone PROM_SIZE = 512 KiB) and integer division 
>>>> discards fractions. Do we have a function to pretty print sizes or 
>>>> maybe this should be left as bytes or at most kilobytes?
>>>>
>>> Yes, for images sizes less than a megabyte.
>>> Perhaps we can leave it at Kilobytes
>>>
>>> I will send out another version.
>>
>> If so, then please use qemu_strtosz().
> 
> There is another function size_to_str() suggested by Peter I was 
> planning to use it, as it was doing the expected job.
> 
> It seems qemu_strtosz() converts size strings to bytes.

Yes, they are the opposite ;)
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Vishal Chourasia 2 days, 21 hours ago 
On 24/10/25 18:52, Philippe Mathieu-Daudé wrote:
> On 24/10/25 14:58, Vishal Chourasia wrote:
>> Hi Philippe,
>>
>> On 24/10/25 18:17, Philippe Mathieu-Daudé wrote:
>>> On 24/10/25 14:11, Vishal Chourasia wrote:
>>>> Hi Balaton, Philippe
>>>>
>>>> On 24/10/25 16:55, BALATON Zoltan wrote:
>>>>> On Fri, 24 Oct 2025, Vishal Chourasia wrote:
>>>>>> Add error checking for lseek() failure and provide better error
>>>>>> messages when image loading fails, including filenames and 
>>>>>> addresses.
>>>>>>
>>>>>> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
>>>>>> ---
>>>>>> hw/core/loader.c | 16 +++++++++++++++-
>>>>>> 1 file changed, 15 insertions(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/hw/core/loader.c b/hw/core/loader.c
>>>>>> index 7aca4989ef..48dd4e7b33 100644
>>>>>> --- a/hw/core/loader.c
>>>>>> +++ b/hw/core/loader.c
>>>>>> @@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, 
>>>>>> Error **errp)
>>>>>>     if (fd < 0)
>>>>>>         return -1;
>>>>>>     size = lseek(fd, 0, SEEK_END);
>>>>>> +    if (size < 0) {
>>>>>> +        error_setg_errno(errp, errno, "lseek failure: %s", 
>>>>>> filename);
>>>>>> +        return -1;
>>>>>> +    }
>>>>>>     close(fd);
>>>>>>     return size;
>>>>>> }
>>>>>> @@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char 
>>>>>> *filename,
>>>>>>                                hwaddr addr, uint64_t max_sz, 
>>>>>> AddressSpace *as,
>>>>>>                                Error **errp)
>>>>>> {
>>>>>> +    ERRP_GUARD();
>>>>>>     ssize_t size;
>>>>>>
>>>>>>     size = get_image_size(filename, errp);
>>>>>> -    if (size < 0 || size > max_sz) {
>>>>>> +    if (*errp) {
>>>>>> +        return -1;
>>>>>> +    }
>>>>>> +
>>>>>> +    if (size > max_sz) {
>>>>>> +        error_setg(errp, "%s exceeds maximum image size (%" 
>>>>>> PRIu64 " MiB)",
>>>>>> +                   filename, max_sz / MiB);
>>>>>
>>>>> MiB is arbitrary here. This function is used to load all kinds of 
>>>>> images such as ROMs which may be 64k-2MB or even executables in 
>>>>> generic loader that can be a few kilobytes. This might result in 
>>>>> errors saying max size is 0 MiB if the allowed size is less than a 
>>>>> MiB (e.g. amigaone PROM_SIZE = 512 KiB) and integer division 
>>>>> discards fractions. Do we have a function to pretty print sizes or 
>>>>> maybe this should be left as bytes or at most kilobytes?
>>>>>
>>>> Yes, for images sizes less than a megabyte.
>>>> Perhaps we can leave it at Kilobytes
>>>>
>>>> I will send out another version.
>>>
>>> If so, then please use qemu_strtosz().
>>
>> There is another function size_to_str() suggested by Peter I was 
>> planning to use it, as it was doing the expected job.
>>
>> It seems qemu_strtosz() converts size strings to bytes.
>
> Yes, they are the opposite ;)

:)

Hi Philippe,

I have sent out v10 in which I have used size_to_str() to pretty print 
size information.
I have retained your RB, but now I am unsure if i should have not.

Can you review again perhaps

Thanks,
Vishal
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Philippe Mathieu-Daudé 3 days, 1 hour ago 
On 24/10/25 11:26, Vishal Chourasia wrote:
> Add error checking for lseek() failure and provide better error
> messages when image loading fails, including filenames and addresses.
> 
> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
> ---
>   hw/core/loader.c | 16 +++++++++++++++-
>   1 file changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index 7aca4989ef..48dd4e7b33 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -79,6 +79,10 @@ int64_t get_image_size(const char *filename, Error **errp)
>       if (fd < 0)
>           return -1;
>       size = lseek(fd, 0, SEEK_END);
> +    if (size < 0) {
> +        error_setg_errno(errp, errno, "lseek failure: %s", filename);
> +        return -1;
> +    }
>       close(fd);
>       return size;
>   }
> @@ -129,14 +133,24 @@ ssize_t load_image_targphys_as(const char *filename,
>                                  hwaddr addr, uint64_t max_sz, AddressSpace *as,
>                                  Error **errp)
>   {
> +    ERRP_GUARD();
>       ssize_t size;
>   
>       size = get_image_size(filename, errp);
> -    if (size < 0 || size > max_sz) {
> +    if (*errp) {

Although safe with ERRP_GUARD(), we try to avoid checking *errp as
a pattern. I'll update (no need to repost) as:

       if (size < 0) {

> +        return -1;
> +    }

        else

> +    if (size > max_sz) {
> +        error_setg(errp, "%s exceeds maximum image size (%" PRIu64 " MiB)",
> +                   filename, max_sz / MiB);
>           return -1;
>       }

         else

>       if (size > 0) {
>           if (rom_add_file_fixed_as(filename, addr, -1, as) < 0) {
> +            error_setg(errp, "could not load '%s' at %" HWADDR_PRIx,
> +                       filename, addr);
>               return -1;
>           }
>       }
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Re: [Patch v9 3/6] core/loader: improve error handling in image loading functions
Posted by Aditya Gupta 3 days, 1 hour ago 
On 25/10/24 02:56PM, Vishal Chourasia wrote:
> Add error checking for lseek() failure and provide better error
> messages when image loading fails, including filenames and addresses.
> 
> Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>

Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>

Thanks,
- Aditya G

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.