From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: Indefinite recursion in pci_default_read_config
Date: Tue, 15 Dec 2009 12:59:41 +0200
Message-ID: <4B276C1D.5060909@redhat.com>
References: <4B276B81.4030709@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, "Michael S. Tsirkin"
To: Hannes Reinecke
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:9060 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753277AbZLOK7p (ORCPT ); Tue, 15 Dec 2009 05:59:45 -0500
In-Reply-To: <4B276B81.4030709@suse.de>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 12/15/2009 12:57 PM, Hannes Reinecke wrote:
> Hi all,
>
> I just triggered a nasty indefinite recursion in pci_default_read_config:
>
> uint32_t pci_default_read_config(PCIDevice *d,
>                                  uint32_t address, int len)
> {
>     uint32_t val = 0;
>     assert(len == 1 || len == 2 || len == 4);
>
>     if (pci_access_cap_config(d, address, len)) {
>         return d->cap.config_read(d, address, len);
>     }
>
>     len = MIN(len, pci_config_size(d) - address);
>     memcpy(&val, d->config + address, len);
>     return le32_to_cpu(val);
> }
>
> And d->cap.config_read is pointing to pci_default_read_config:
>
> (gdb) print *d
> $3 = {qdev = {id = 0xc99b10 "01:10.0", state = DEV_STATE_INITIALIZED,
>     opts = 0xc99ad0, hotplugged = 0, info = 0x837e60, parent_bus = 0xc71710,
>     num_gpio_out = 0, gpio_out = 0x0, num_gpio_in = 0, gpio_in = 0x0,
>     child_bus = {lh_first = 0x0}, num_child_bus = 0, sibling = {
>       le_next = 0xc99c30, le_prev = 0xc71730}},
>   config = 0xca3010 "\206\200\312\020\003",
>   cmask = 0xca3120 "\377\377\377\377", wmask = 0xca3230 "",
>   used = 0xca3340 "", bus = 0xc71710, devfn = 32,
>   name = "pci-assign", '\000', io_regions = {{
>       addr = 4060102656, size = 16384, filtered_size = 16384, type = 0 '\000',
>       map_func = 0x46a5f0}, {addr = 0, size = 0,
>       filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 0, size = 0,
>       filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 4060119040,
>       size = 16384, filtered_size = 16384, type = 0 '\000',
>       map_func = 0x46a5f0}, {addr = 0, size = 0,
>       filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 0, size = 0,
>       filtered_size = 0, type = 0 '\000', map_func = 0}, {addr = 0, size = 0,
>       filtered_size = 0, type = 0 '\000', map_func = 0}},
>   config_read = 0x46a050,
>   config_write = 0x469f30, irq = 0xca3450,
>   irq_state = 0 '\000', cap_present = 0, msix_cap = 0 '\000',
>   msix_entries_nr = 0, msix_table_page = 0x0, msix_mmio_index = 0,
>   msix_entry_used = 0x0, msix_bar_size = 0, version_id = 2,
>   msix_page_size = 0, msix_irq_entries = 0x0, cap = {supported = 1,
>     start = 64, length = 16,
>     config_read = 0x416770,
>     config_write = 0x46b750}}
>

Michael? This is likely a bad merge on my part. Can you help?

-- 
error compiling committee.c: too many arguments to function
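
The recursion reported in the message above, reduced to a stand-alone C model with one possible defensive check (an added example, not code from QEMU, qemu-kvm or either poster, and not the fix that was applied). Assumptions: `struct dev`, `raw_read`, `in_cap`, `set_cap_handler` and `default_read` are hypothetical names, and the window test in `in_cap` is assumed; only the `cap` field names and the values 64 and 16 come from the quoted gdb dump.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified model, not QEMU code; cap field names follow the gdb dump. */
#define CFG_SIZE 256u
struct dev;
typedef uint32_t (*cfg_read_fn)(struct dev *d, uint32_t addr, int len);
struct dev {
    uint8_t config[CFG_SIZE];
    struct { int supported; uint32_t start, length; cfg_read_fn config_read; } cap;
};
/* Plain little-endian read of config space, clamped to its size. */
static uint32_t raw_read(struct dev *d, uint32_t addr, int len)
{
    uint32_t val = 0;
    for (uint32_t i = 0; i < (uint32_t)len && addr < CFG_SIZE && i < CFG_SIZE - addr; i++)
        val |= (uint32_t)d->config[addr + i] << (8 * i);
    return val;
}
/* Assumed window test: does the access fall inside the capability range? */
static int in_cap(const struct dev *d, uint32_t addr, uint32_t len)
{
    return d->cap.supported && addr < CFG_SIZE && addr >= d->cap.start &&
           addr + len <= d->cap.start + d->cap.length;
}
uint32_t default_read(struct dev *d, uint32_t addr, int len);

/* Registration check: reject a handler that is the dispatcher itself. */
int set_cap_handler(struct dev *d, cfg_read_fn fn)
{
    if (fn == default_read) return -1;
    d->cap.config_read = fn;
    return 0;
}
/* Dispatcher: without the self-test, cap.config_read == default_read
 * re-enters here with identical arguments until the stack overflows. */
uint32_t default_read(struct dev *d, uint32_t addr, int len)
{
    if (len != 1 && len != 2 && len != 4) return 0;
    if (in_cap(d, addr, (uint32_t)len) && d->cap.config_read &&
        d->cap.config_read != default_read)
        return d->cap.config_read(d, addr, len);
    return raw_read(d, addr, len);
}
int main(void)
{
    struct dev d = { .cap = { 1, 64, 16, default_read } }; /* state from the dump */
    d.config[0x40] = 0x05;                                 /* constructed byte */
    printf("0x%x\n", (unsigned)default_read(&d, 0x40, 1));
    return 0;
}
```

The guard only stops the self-call; a device that needs its own capability handler still has to have the correct one registered.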