Date: Sun, 5 Jul 2009 14:40:31 +0300
From: "Michael S. Tsirkin"
Message-ID: <20090705114031.GB4798@redhat.com>
Subject: [Qemu-devel] [PATCHv4 1/5] qemu/msi: fix segfault in msix_save
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org, avi@redhat.com, kvm@vger.kernel.org, aliguori@us.ibm.com, kwolf@redhat.com, glommer@redhat.com, blauwirbel@gmail.com

This fixes a segfault reported by Kevin Wolf, and simplifies the code in msix_save.

Reported-by: Kevin Wolf
Signed-off-by: Michael S. Tsirkin
---
Fixed brace usage reported by Blue Swirl.

 hw/msix.c | 12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/msix.c b/hw/msix.c
index 4ab6da6..b67ea39 100644
--- a/hw/msix.c
+++ b/hw/msix.c
@@ -284,11 +284,13 @@ int msix_uninit(PCIDevice *dev) void msix_save(PCIDevice *dev, QEMUFile *f) { - unsigned nentries = (pci_get_word(dev->config + PCI_MSIX_FLAGS) & - PCI_MSIX_FLAGS_QSIZE) + 1; - qemu_put_buffer(f, dev->msix_table_page, nentries * MSIX_ENTRY_SIZE); - qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING, - (nentries + 7) / 8); + unsigned n = dev->msix_entries_nr; + + if (!(dev->cap_present & QEMU_PCI_CAP_MSIX)) + return; + + qemu_put_buffer(f, dev->msix_table_page, n * MSIX_ENTRY_SIZE); + qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING, (n + 7) / 8); } /* Should be called after restoring the config space. */ -- 1.6.2.2
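Review bot: the early return when QEMU_PCI_CAP_MSIX is not set in dev->cap_present means msix_save now emits nothing at all for a device without the capability, so the matching load path must make the same decision from the same field, or the migration stream will be read out of step; a one-line comment above `if (!(dev->cap_present & QEMU_PCI_CAP_MSIX))` stating that nothing is written in that case would make the contract explicit for whoever maintains the load side. Taking the entry count from dev->msix_entries_nr instead of recomputing it from the PCI_MSIX_FLAGS word in config space is the right direction, because the length handed to qemu_put_buffer is then tied to the table the device actually allocated rather than to a config-space value, which is also what removes the NULL msix_table_page dereference the old code could hit.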