The num-lines property of the TYPE_OR_GATE device sets the number
of input lines it has. An assert() in or_irq_realize() restricts
this to the maximum supported by the implementation. However we
got the condition in the assert wrong: it should be using <=,
because num-lines == MAX_OR_LINES is permitted, and means that
all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array
are used.
We didn't notice this previously because no user has so far
needed that many input lines.
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/core/or-irq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/core/or-irq.c b/hw/core/or-irq.c
index 18d63831cd3..2be18333811 100644
--- a/hw/core/or-irq.c
+++ b/hw/core/or-irq.c
@@ -58,7 +58,7 @@ static void or_irq_realize(DeviceState *dev, Error **errp)
{
qemu_or_irq *s = OR_IRQ(dev);
- assert(s->num_lines < MAX_OR_LINES);
+ assert(s->num_lines <= MAX_OR_LINES);
qdev_init_gpio_in(dev, or_irq_handler, s->num_lines);
}
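Review bot: On the changed assert() line, num_lines comes from the num-lines device property and or_irq_realize() already receives an Error **errp, so an out-of-range value could be reported with error_setg(errp, ...) and an early return instead of aborting the process. A one-line comment beside the check saying that num_lines is a count of entries in s->levels[], so equality with MAX_OR_LINES is valid, would help keep the comparison from regressing.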
--
2.20.1
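The count-versus-index distinction the commit message describes, as an added example (a stand-alone model, not QEMU's or-irq code). `model_or_gate`, `model_realize`, `model_set_line` and the capacity `MODEL_MAX_LINES` (constructed value 4) are hypothetical names chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed capacity for this model; not QEMU's MAX_OR_LINES value. */
#define MODEL_MAX_LINES 4

typedef struct {
    bool levels[MODEL_MAX_LINES]; /* valid indices: 0 .. MODEL_MAX_LINES-1 */
    size_t num_lines;             /* a count, so MODEL_MAX_LINES itself is legal */
    bool out;
} model_or_gate;

/* Count check: num_lines may equal the capacity, hence <=. */
static bool model_realize(model_or_gate *g, size_t num_lines)
{
    if (num_lines > MODEL_MAX_LINES) {
        return false;  /* would need levels[MODEL_MAX_LINES] or beyond */
    }
    memset(g, 0, sizeof(*g));
    g->num_lines = num_lines;
    return true;
}

/* Index check: line n must be strictly below the count, hence <. */
static bool model_set_line(model_or_gate *g, size_t n, bool level)
{
    if (n >= g->num_lines) {
        return false;  /* rejecting here keeps every write inside levels[] */
    }
    g->levels[n] = level;
    g->out = false;
    for (size_t i = 0; i < g->num_lines; i++) {
        g->out |= g->levels[i];
    }
    return true;
}

int main(void)
{
    model_or_gate g;
    /* Full-size gate is accepted and its last line drives the output. */
    if (!model_realize(&g, MODEL_MAX_LINES)) return 1;
    if (!model_set_line(&g, MODEL_MAX_LINES - 1, true) || !g.out) return 1;
    /* One past the last line, and one past the capacity, are refused. */
    if (model_set_line(&g, MODEL_MAX_LINES, true)) return 1;
    return model_realize(&g, MODEL_MAX_LINES + 1) ? 1 : 0;
}
```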
On 1/20/20 3:22 PM, Peter Maydell wrote: > The num-lines property of the TYPE_OR_GATE device sets the number > of input lines it has. An assert() in or_irq_realize() restricts > this to the maximum supported by the implementation. However we > got the condition in the assert wrong: it should be using <=, > because num-lines == MAX_OR_LINES is permitted, and means that > all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array > are used. > > We didn't notice this previously because no user has so far > needed that many input lines. > > Reported-by: Guenter Roeck <linux@roeck-us.net> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > hw/core/or-irq.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/core/or-irq.c b/hw/core/or-irq.c > index 18d63831cd3..2be18333811 100644 > --- a/hw/core/or-irq.c > +++ b/hw/core/or-irq.c > @@ -58,7 +58,7 @@ static void or_irq_realize(DeviceState *dev, Error **errp) > { > qemu_or_irq *s = OR_IRQ(dev); > > - assert(s->num_lines < MAX_OR_LINES); > + assert(s->num_lines <= MAX_OR_LINES); > > qdev_init_gpio_in(dev, or_irq_handler, s->num_lines); > } > Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
On 1/20/20 6:22 AM, Peter Maydell wrote: > The num-lines property of the TYPE_OR_GATE device sets the number > of input lines it has. An assert() in or_irq_realize() restricts > this to the maximum supported by the implementation. However we > got the condition in the assert wrong: it should be using <=, > because num-lines == MAX_OR_LINES is permitted, and means that > all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array > are used. > > We didn't notice this previously because no user has so far > needed that many input lines. > > Reported-by: Guenter Roeck <linux@roeck-us.net> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Guenter Roeck <linux@roeck-us.net> > --- > hw/core/or-irq.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/core/or-irq.c b/hw/core/or-irq.c > index 18d63831cd3..2be18333811 100644 > --- a/hw/core/or-irq.c > +++ b/hw/core/or-irq.c > @@ -58,7 +58,7 @@ static void or_irq_realize(DeviceState *dev, Error **errp) > { > qemu_or_irq *s = OR_IRQ(dev); > > - assert(s->num_lines < MAX_OR_LINES); > + assert(s->num_lines <= MAX_OR_LINES); > > qdev_init_gpio_in(dev, or_irq_handler, s->num_lines); > } >