From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:56730)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1R65VY-0003Dr-La
	for qemu-devel@nongnu.org; Tue, 20 Sep 2011 14:57:29 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1R65VX-0003vY-FP
	for qemu-devel@nongnu.org; Tue, 20 Sep 2011 14:57:28 -0400
Received: from mail-ww0-f53.google.com ([74.125.82.53]:38811)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rth7680@gmail.com>) id 1R65VX-0003vP-B5
	for qemu-devel@nongnu.org; Tue, 20 Sep 2011 14:57:27 -0400
Received: by wwg14 with SMTP id 14so1043608wwg.10
	for <qemu-devel@nongnu.org>; Tue, 20 Sep 2011 11:57:26 -0700 (PDT)
Sender: Richard Henderson <rth7680@gmail.com>
Message-ID: <4E78E207.5070308@twiddle.net>
Date: Tue, 20 Sep 2011 11:57:11 -0700
From: Richard Henderson <rth@twiddle.net>
MIME-Version: 1.0
References: <00218408-4F7E-47E8-9A3A-7515E5472C40@mimectl>
In-Reply-To: <00218408-4F7E-47E8-9A3A-7515E5472C40@mimectl>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] pci_change_irq_level is broken...
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alan Amaral <alan.amaral@virtualcomputer.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>

On 09/20/2011 10:24 AM, Alan Amaral wrote:
> I'm not on this mailing list, so please CC me on any replies.  Thanks.
>  
> I ran qemu with valgrind last night and found an error in the pci emulation code, which may,
> or may not, be biting us.  So far the effects seem benign, although there exists the possibility
> of trashing random memory.
>  
> In the function pci_change_irq_level() the argument irq_num is passed in as 0-3, and used
> as an index to change bus->irq_count[4].

I don't know what version of qemu you're using, but this is

      int *irq_count;

in current sources.  There's certainly no hard-coded "4".

>     assert(irq_num >= 0);
>     assert(irq_num < bus->nirq);
>     bus->irq_count[irq_num] += change;
>     bus->set_irq(bus->irq_opaque, bus_irq_num, bus->irq_count[irq_num] != 0);

This version with the asserts, though, could be done.  The site
that created the bus ought to match up nirq with the map function.


r~