hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES

[PATCH] hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES

Posted by Peter Maydell 6 years ago

The num-lines property of the TYPE_OR_GATE device sets the number
of input lines it has. An assert() in or_irq_realize() restricts
this to the maximum supported by the implementation. However we
got the condition in the assert wrong: it should be using <=,
because num-lines == MAX_OR_LINES is permitted, and means that
all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array
are used.

We didn't notice this previously because no user has so far
needed that many input lines.

Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/or-irq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/core/or-irq.c b/hw/core/or-irq.c
index 18d63831cd3..2be18333811 100644
--- a/hw/core/or-irq.c
+++ b/hw/core/or-irq.c
@@ -58,7 +58,7 @@ static void or_irq_realize(DeviceState *dev, Error **errp)
 {
     qemu_or_irq *s = OR_IRQ(dev);
 
-    assert(s->num_lines < MAX_OR_LINES);
+    assert(s->num_lines <= MAX_OR_LINES);
 
     qdev_init_gpio_in(dev, or_irq_handler, s->num_lines);
 }
-- 
2.20.1

Re: [PATCH] hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES

Posted by Philippe Mathieu-Daudé 6 years ago

On 1/20/20 3:22 PM, Peter Maydell wrote:
> The num-lines property of the TYPE_OR_GATE device sets the number
> of input lines it has. An assert() in or_irq_realize() restricts
> this to the maximum supported by the implementation. However we
> got the condition in the assert wrong: it should be using <=,
> because num-lines == MAX_OR_LINES is permitted, and means that
> all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array
> are used.
> 
> We didn't notice this previously because no user has so far
> needed that many input lines.
> 
> Reported-by: Guenter Roeck <linux@roeck-us.net>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/core/or-irq.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/core/or-irq.c b/hw/core/or-irq.c
> index 18d63831cd3..2be18333811 100644
> --- a/hw/core/or-irq.c
> +++ b/hw/core/or-irq.c
> @@ -58,7 +58,7 @@ static void or_irq_realize(DeviceState *dev, Error **errp)
>   {
>       qemu_or_irq *s = OR_IRQ(dev);
>   
> -    assert(s->num_lines < MAX_OR_LINES);
> +    assert(s->num_lines <= MAX_OR_LINES);
>   
>       qdev_init_gpio_in(dev, or_irq_handler, s->num_lines);
>   }
> 

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Re: [PATCH] hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES

Posted by Guenter Roeck 6 years ago

On 1/20/20 6:22 AM, Peter Maydell wrote:
> The num-lines property of the TYPE_OR_GATE device sets the number
> of input lines it has. An assert() in or_irq_realize() restricts
> this to the maximum supported by the implementation. However we
> got the condition in the assert wrong: it should be using <=,
> because num-lines == MAX_OR_LINES is permitted, and means that
> all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array
> are used.
> 
> We didn't notice this previously because no user has so far
> needed that many input lines.
> 
> Reported-by: Guenter Roeck <linux@roeck-us.net>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Guenter Roeck <linux@roeck-us.net>

> ---
>   hw/core/or-irq.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/core/or-irq.c b/hw/core/or-irq.c
> index 18d63831cd3..2be18333811 100644
> --- a/hw/core/or-irq.c
> +++ b/hw/core/or-irq.c
> @@ -58,7 +58,7 @@ static void or_irq_realize(DeviceState *dev, Error **errp)
>   {
>       qemu_or_irq *s = OR_IRQ(dev);
>   
> -    assert(s->num_lines < MAX_OR_LINES);
> +    assert(s->num_lines <= MAX_OR_LINES);
>   
>       qdev_init_gpio_in(dev, or_irq_handler, s->num_lines);
>   }
>