From: Jan Kiszka
Date: Tue, 20 Sep 2011 21:41:47 +0200
Message-ID: <4E78EC7B.9030808@web.de>
References: <00218408-4F7E-47E8-9A3A-7515E5472C40@mimectl>, <4E78E207.5070308@twiddle.net>
To: Alan Amaral
Cc: "qemu-devel@nongnu.org", Richard Henderson
Subject: Re: [Qemu-devel] pci_change_irq_level is broken...

On 2011-09-20 21:19, Alan Amaral wrote:
> QEMU emulator version 0.14.50, Copyright (c) 2003-2008 Fabrice Bellard

(That's an ambitious development version.)

>
> You are correct, it's not hardcoded to 4. However, when it's allocated the number of elements IS 4. Also,
> there's a comment just above pci_set_irq which says:
>
> /* 0 <= irq_num <= 3. level must be 0 or 1 */
> static void pci_set_irq(void *opaque, int irq_num, int level)
>
> so, that implies to me that it's probably always 4... Sorry for the confusion.

Assuming you look at PIIX3: Yes, it allocates 4 IRQs - but only returns 0..3 via pci_slot_get_pirq. Xen uses some more, but also looks safe.

Can you provide a backtrace where irq_num gets larger than 3 and writes beyond the end of irq_count? Do you have private patches in your tree?

Jan
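
The invariant discussed in this message (the index returned by the bus's IRQ mapping must stay inside the allocated irq_count array), as an added example that is not part of the original mail and is not QEMU code. `ToyBus`, `map_masked`, `map_unmasked`, `change_irq_level` and `rejected_updates` are hypothetical names, and the `& 3` swizzle is an assumed form of a mapping that returns only 0..3.

```c
#include <stdio.h>
#define NIRQ 4 /* counters allocated for the bus, as in the thread */

/* Hypothetical stand-in for a PCI bus; not QEMU's PCIBus. */
typedef struct {
    int nirq;
    int irq_count[NIRQ];
    int (*map_irq)(int devfn, int pin);
} ToyBus;

/* Slot swizzle whose mask keeps every result in 0..3 (assumed form). */
static int map_masked(int devfn, int pin)
{
    return (pin + (devfn >> 3) - 1) & 3;
}

/* Constructed fault: same swizzle with the mask dropped. */
static int map_unmasked(int devfn, int pin)
{
    return pin + (devfn >> 3) - 1;
}

/* Update the per-line counter only if the mapped index is in range. */
static int change_irq_level(ToyBus *bus, int devfn, int pin, int change)
{
    int irq_num = bus->map_irq(devfn, pin);
    if (irq_num < 0 || irq_num >= bus->nirq)
        return -1; /* would have written outside irq_count */
    bus->irq_count[irq_num] += change;
    return 0;
}

/* Raise every pin of every slot once; count the rejected updates. */
static int rejected_updates(int (*map)(int, int))
{
    ToyBus bus = { NIRQ, {0}, map };
    int rejected = 0;
    for (int slot = 0; slot < 32; slot++)
        for (int pin = 0; pin < 4; pin++)
            if (change_irq_level(&bus, slot << 3, pin, 1) != 0)
                rejected++;
    return rejected;
}

int main(void)
{
    printf("masked: %d rejected\n", rejected_updates(map_masked));
    printf("unmasked: %d rejected\n", rejected_updates(map_unmasked));
}
```

A rejected update in this model marks the spot where an unchecked `irq_count[irq_num] += change` would have written outside the array, which is the condition the requested backtrace would need to show.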