Ok. Cases to the contrary notwithstanding, what I'm seeing is that the size of the irq_count array is 4 and the code is clearly accessing entry 4 and beyond. We are using Xen (sorry if I didn't mention that earlier).
#0  pci_change_irq_level (pci_dev=0x1c3a730, irq_num=4, change=0) at /home/aamaral/orc-next/orc-tree/orc-xen/xen-4.0/tools/ioemu-dir/hw/pci.c:125
125         bus->irq_count[irq_num] += change;
(gdb) p irq_num
$23 = 4    <- It was zero on entry to this function but was changed by xen_pci_slot_get_pirq
(gdb) p bus->nirq
$24 = 4
(gdb)

Please see my earlier reply to Jan Kiszka for full details.

Thanks,
Alan

From: Richard Henderson
Sent: Tue 9/20/2011 3:56 PM
To: Alan Amaral
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] pci_change_irq_level is broken...

On 09/20/2011 12:19 PM, Alan Amaral wrote:
> QEMU emulator version 0.14.50, Copyright (c) 2003-2008 Fabrice Bellard
> You are correct, it's not hardcoded to 4. However, when it's allocated the
> number of elements IS 4. Also,
> there's a comment just above pci_set_irq which says:
>
> /* 0 <= irq_num <= 3. level must be 0 or 1 */
> static void pci_set_irq(void *opaque, int irq_num, int level)
> so, that implies to me that it's probably always 4...

The first use I examined was apb_pci.c:

    d->bus = pci_register_bus(&d->busdev.qdev, "pci",
                              pci_apb_set_irq, pci_pbm_map_irq, d,
                              &d->pci_mmio,
                              get_system_io(),
                              0, 32);

where the last argument indicates that we allocate 32 irqs, and the
pci_pbm_map_irq function returns a value in the set { 0, 1, 2, 3, 16, 17, 18, 19 }.

r~
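The thread above boils down to a contract between two pieces of code: pci_register_bus allocates nirq counters, and the board's map_irq callback must only ever return bus IRQ numbers inside [0, nirq). When a callback written for a 32-IRQ bus (returning values like 16..19) is paired with a bus registered with nirq=4, the unchecked `bus->irq_count[irq_num] += change` writes past the end of the array. The following is an added example, not QEMU's or Xen's own code: it is a stripped-down model of that contract with a bounds-checked level change and a small audit that enumerates every (slot, pin) pair a map function can produce and counts how many fall outside the allocated range. The struct, the `model_map_irq` callback and all function names here are constructed for illustration; only the overall shape (nirq, irq_count, a slot/pin to bus-IRQ mapping) follows the thread.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal model of the bus fields the thread talks about. Not QEMU's PCIBus. */
typedef struct ModelPCIBus {
    int nirq;        /* number of bus-level IRQ lines allocated at registration */
    int *irq_count;  /* one level counter per bus-level IRQ line */
} ModelPCIBus;

/* Model of pci_register_bus: the last argument decides how many counters exist. */
ModelPCIBus *model_register_bus(int nirq)
{
    ModelPCIBus *bus = calloc(1, sizeof(*bus));
    if (!bus) abort();
    bus->nirq = nirq;
    bus->irq_count = calloc((size_t)nirq, sizeof(int));
    if (!bus->irq_count) abort();
    return bus;
}

void model_free_bus(ModelPCIBus *bus)
{
    free(bus->irq_count);
    free(bus);
}

/* Constructed map callback in the spirit of the apb one quoted above: pins are
 * rotated by slot within 0..3, and odd slots are steered to a second group at
 * 16..19. It is only valid for a bus that allocated at least 20 IRQ lines. */
int model_map_irq(int slot, int pin)
{
    int bus_irq = (slot + pin) & 3;
    if (slot & 1)
        bus_irq |= 16;
    return bus_irq;
}

/* Checked counterpart of the one-liner in the backtrace. The original does
 * bus->irq_count[irq_num] += change unconditionally; here an out-of-range
 * index is rejected (-1) and the counters are left untouched. */
int model_change_irq_level(ModelPCIBus *bus, int irq_num, int change)
{
    if (irq_num < 0 || irq_num >= bus->nirq)
        return -1;
    bus->irq_count[irq_num] += change;
    return 0;
}

/* One device pin level change: map (slot, pin) to a bus IRQ, then adjust. */
int model_set_irq(ModelPCIBus *bus, int slot, int pin, int level)
{
    int bus_irq = model_map_irq(slot, pin);
    return model_change_irq_level(bus, bus_irq, level ? 1 : -1);
}

/* Audit: how many (slot, pin) pairs does the map callback send outside
 * [0, nirq)? Zero means the callback and the allocation agree. */
int model_audit_map(int nirq, int nslots)
{
    int bad = 0;
    for (int slot = 0; slot < nslots; slot++) {
        for (int pin = 0; pin < 4; pin++) {
            int b = model_map_irq(slot, pin);
            if (b < 0 || b >= nirq)
                bad++;
        }
    }
    return bad;
}

int main(void)
{
    /* A bus that allocated only 4 lines, as in the gdb session above. */
    ModelPCIBus *small = model_register_bus(4);
    printf("slot 0 pin 0 -> rc %d\n", model_set_irq(small, 0, 0, 1));
    printf("slot 1 pin 0 -> rc %d (would have been index %d)\n",
           model_set_irq(small, 1, 0, 1), model_map_irq(1, 0));
    printf("pairs out of range with nirq=4,  32 slots: %d\n", model_audit_map(4, 32));
    printf("pairs out of range with nirq=32, 32 slots: %d\n", model_audit_map(32, 32));
    model_free_bus(small);
    return 0;
}
```

The audit is the check worth keeping around: run it once at bus registration (or in a unit test) for every map callback, and a mismatch like the one in the thread shows up as a non-zero count instead of as a corrupted heap.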