fix segfault in msix_save

This fixes segfault reported by Kevin Wolf, and simplifies the code in msix_save. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

fix segfault in msix_save
This fixes segfault reported by Kevin Wolf, and simplifies the code in msix_save. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Michael S. Tsirkin · Anthony Liguori
1 parent 391354f1
Showing 1 changed file with 7 additions and 5 deletions
hw/msix.c
@@ -284,11 +284,13 @@ int msix_uninit(PCIDevice *dev)
  
 void msix_save(PCIDevice *dev, QEMUFile *f)
 {
-    unsigned nentries = (pci_get_word(dev->config + PCI_MSIX_FLAGS) &
-                         PCI_MSIX_FLAGS_QSIZE) + 1;
-    qemu_put_buffer(f, dev->msix_table_page, nentries * MSIX_ENTRY_SIZE);
-    qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING,
-                    (nentries + 7) / 8);
+    unsigned n = dev->msix_entries_nr;
+
+    if (!dev->cap_present & QEMU_PCI_CAP_MSIX)
+        return;
+
+    qemu_put_buffer(f, dev->msix_table_page, n * MSIX_ENTRY_SIZE);
+    qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING, (n + 7) / 8);
 }
  
 /* Should be called after restoring the config space. */