Commit 9a3e12c8a48ef96bf0f3effc21a4ce98d35992f9
Committed by
Anthony Liguori
1 parent
391354f1
fix segfault in msix_save
This fixes a segfault reported by Kevin Wolf and simplifies the code in msix_save. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Showing
1 changed file
with
7 additions
and
5 deletions
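--- a/hw/msix.c
+++ b/hw/msix.c
@@ -284,11 +284,13 @@ int msix_uninit(PCIDevice *dev)
 
 void msix_save(PCIDevice *dev, QEMUFile *f)
 {
-    unsigned nentries = (pci_get_word(dev->config + PCI_MSIX_FLAGS) &
-                         PCI_MSIX_FLAGS_QSIZE) + 1;
-    qemu_put_buffer(f, dev->msix_table_page, nentries * MSIX_ENTRY_SIZE);
-    qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING,
-                    (nentries + 7) / 8);
+    unsigned n = dev->msix_entries_nr;
+
+    if (!dev->cap_present & QEMU_PCI_CAP_MSIX)
+        return;
+
+    qemu_put_buffer(f, dev->msix_table_page, n * MSIX_ENTRY_SIZE);
+    qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING, (n + 7) / 8);
 }
 
 /* Should be called after restoring the config space. */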
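Review bot: The new guard on line 289, `if (!dev->cap_present & QEMU_PCI_CAP_MSIX)`, does not test the MSI-X bit: `!` binds tighter than `&`, so it evaluates as `(!dev->cap_present) & QEMU_PCI_CAP_MSIX`, which is false whenever any capability at all is present and otherwise depends only on bit 0 of the flag. The early return this commit adds to skip the table writes for devices without MSI-X therefore does not fire in the common case, and both qemu_put_buffer calls still run against msix_table_page, which the commit title suggests may be unset for such devices. The condition should read `if (!(dev->cap_present & QEMU_PCI_CAP_MSIX))`. A short comment above it, such as `/* Device without MSI-X has no table to save. */`, would also make the intent of the early return explicit.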