From: Laurent Vivier <lviv...@redhat.com> A race condition between guest driver actions and QEMU timers can lead to an assertion failure when the guest switches the e1000e from legacy interrupt mode to MSI-X. If a legacy interrupt delay timer (TIDV or RDTR) is active, but the guest enables MSI-X before the timer fires, the pending interrupt cause can trigger an assert in e1000e_intmgr_collect_delayed_causes().
This patch removes the assertion and executes the code that clears the pending legacy causes. This change is safe and introduces no unintended behavioral side effects, as it only alters a state that previously led to termination. - when core->delayed_causes == 0 the function was already a no-op and remains so. - when core->delayed_causes != 0 the function would previously crash due to the assertion failure. The patch now defines a safe outcome by clearing the cause and returning. Since behavior after the assertion never existed, this simply corrects the crash. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1863 Suggested-by: Akihiko Odaki <od...@rsg.ci.i.u-tokyo.ac.jp> Signed-off-by: Laurent Vivier <lviv...@redhat.com> Acked-by: Jason Wang <jasow...@redhat.com> Reviewed-by: Akihiko Odaki <od...@rsg.ci.i.u-tokyo.ac.jp> Message-ID: <20250807110806.409065-1-lviv...@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org> (cherry picked from commit 8e4649cac9bcddc050d2df07908075e9e69bccc7) Signed-off-by: Michael Tokarev <m...@tls.msk.ru> diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index 742f5ec800..5def4cfc1c 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -336,11 +336,6 @@ e1000e_intmgr_collect_delayed_causes(E1000ECore *core) { uint32_t res; - if (msix_enabled(core->owner)) { - assert(core->delayed_causes == 0); - return 0; - } - res = core->delayed_causes; core->delayed_causes = 0; -- 2.47.3
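Review bot: with the `msix_enabled()` early return removed, the function no longer returns 0 in MSI-X mode but falls through to `res = core->delayed_causes; core->delayed_causes = 0;`, so a legacy cause left pending by a TIDV/RDTR timer is now cleared and handed back to the caller rather than discarded, whereas the commit message describes the new behaviour only as clearing the cause and returning; either state explicitly that reporting the stale legacy cause in MSI-X mode is intended, or keep a `return 0;` after the clear if it is not. A short comment at this point noting that `delayed_causes` can legitimately be non-zero here, because the guest may enable MSI-X while a legacy delay timer is still armed, would also stop the assertion from being reintroduced later.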