Title: ignore bit 0 in pci CONFIG_ADDRESS register write for Type 1 access Status in QEMU: New Bug description: I'v recently stumbled upon a bug in the Plan9 PCI config space access routines for config mode #1. The code used to set bit 0 in the CONFIG_ADDRESS register for a Type 1 access. This was most likely a misreading of the PCI local bus specification on our side. However, in the PCI local bus specification 3.0, it states the following: > Software Generation of Configuration Transactions > ... > For Type 1 translations, the host bridge directly copies the contents of the > CONFIG_ADDRESS register (excluding bits 31 and 0) onto the PCI AD lines during the > address phase of a configuration transaction making sure that AD[1::0] is "01". note the: "excluding bits 31 and 0" What happens in qemu instead is that it uses bit 0 of the CONFIG_ADDRESS register as part of the register offset (when it probably should ignore it) when translating from Type 1 to Type 0 address. So once it reaches the device behind the bridge the register address is off by one.