From 8e4649cac9bcddc050d2df07908075e9e69bccc7 Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Thu, 7 Aug 2025 13:08:06 +0200 Subject: e1000e: Prevent crash from legacy interrupt firing after MSI-X enable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A race condition between guest driver actions and QEMU timers can lead to an assertion failure when the guest switches the e1000e from legacy interrupt mode to MSI-X. If a legacy interrupt delay timer (TIDV or RDTR) is active, but the guest enables MSI-X before the timer fires, the pending interrupt cause can trigger an assert in e1000e_intmgr_collect_delayed_causes(). This patch removes the assertion and executes the code that clears the pending legacy causes. This change is safe and introduces no unintended behavioral side effects, as it only alters a state that previously led to termination. - when core->delayed_causes == 0 the function was already a no-op and remains so. - when core->delayed_causes != 0 the function would previously crash due to the assertion failure. The patch now defines a safe outcome by clearing the cause and returning. Since behavior after the assertion never existed, this simply corrects the crash. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1863 Suggested-by: Akihiko Odaki Signed-off-by: Laurent Vivier Acked-by: Jason Wang Reviewed-by: Akihiko Odaki Message-ID: <20250807110806.409065-1-lvivier@redhat.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/net/e1000e_core.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index 2413858..06657bb 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -341,11 +341,6 @@ e1000e_intmgr_collect_delayed_causes(E1000ECore *core) { uint32_t res; - if (msix_enabled(core->owner)) { - assert(core->delayed_causes == 0); - return 0; - } - res = core->delayed_causes; core->delayed_causes = 0; -- cgit v1.1
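Review bot: With the `if (msix_enabled(core->owner))` block removed from e1000e_intmgr_collect_delayed_causes(), the function no longer returns 0 in MSI-X mode; it now falls through to `res = core->delayed_causes; core->delayed_causes = 0;` and hands the stale legacy causes back to the caller, whereas the commit message only speaks of "clearing the cause and returning". If the intent is to discard causes that were queued under legacy mode rather than deliver them through whatever the caller does with `res`, keep an explicit branch such as `if (msix_enabled(core->owner)) { core->delayed_causes = 0; return 0; }`; if delivering them is the intended behaviour, the commit message should say so, since the previous `return 0` path is visible in the hunk and the two outcomes differ. Either way, a short comment at the point where the assert used to be, stating that a pending TIDV/RDTR delay can legitimately outlive the guest's switch to MSI-X, would preserve the invariant the assertion was documenting now that the check itself is gone.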