diff options
| author | Akihiko Odaki <akihiko.odaki@daynix.com> | 2023-02-23 19:20:11 +0900 |
|---|---|---|
| committer | Jason Wang <jasowang@redhat.com> | 2023-03-10 15:35:38 +0800 |
| commit | 0cbd6e52215427f13dadcde4e58bce455519bb03 (patch) | |
| tree | 72f1787c5b7818110bdc1fe90c35769d762a3b66 | |
| parent | dd32b5ea7eeea367058ec8e0f9eb41de41a8d106 (diff) | |
| download | qemu-0cbd6e52215427f13dadcde4e58bce455519bb03.zip qemu-0cbd6e52215427f13dadcde4e58bce455519bb03.tar.gz qemu-0cbd6e52215427f13dadcde4e58bce455519bb03.tar.bz2 | |
e1000e: Do not assert when MSI-X is disabled later
Assertions will fail if MSI-X gets disabled while a timer for MSI-X
interrupts is running so remove them to avoid abortions. Fortunately,
nothing bad happens even if the assertions won't trigger as
msix_notify(), called by timer handlers, does nothing when MSI-X is
disabled.
This bug was found by Alexander Bulekov when fuzzing igb, a new
device implementation derived from e1000e:
https://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/
The fixed test case is:
fuzz/crash_aea040166819193cf9fedb810c6d100221da721a
Fixes: 6f3fbe4ed0 ("net: Introduce e1000e device emulation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
| -rw-r--r-- | hw/net/e1000e_core.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index ff93547..76c7814 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -162,8 +162,6 @@ e1000e_intrmgr_on_throttling_timer(void *opaque) { E1000IntrDelayTimer *timer = opaque; - assert(!msix_enabled(timer->core->owner)); - timer->running = false; if (msi_enabled(timer->core->owner)) { @@ -183,8 +181,6 @@ e1000e_intrmgr_on_msix_throttling_timer(void *opaque) E1000IntrDelayTimer *timer = opaque; int idx = timer - &timer->core->eitr[0]; - assert(msix_enabled(timer->core->owner)); - timer->running = false; trace_e1000e_irq_msix_notify_postponed_vec(idx); |