fix segfault in msix_save

This fixes segfault reported by Kevin Wolf, and simplifies the code in msix_save. Reported-by: N Kevin Wolf <kwolf@redhat.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>

fix segfault in msix_save
This fixes segfault reported by Kevin Wolf, and simplifies the code in msix_save. Reported-by: N Kevin Wolf <kwolf@redhat.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>
9a3e12c8 · Michael S. Tsirkin · Anthony Liguori · 391354f1 · 9a3e12c8
隐藏空白更改
内联并排

Showing with 7 addition and 5 deletion

hw/msix.c hw/msix.c +7 -5

未找到文件。
--- a/hw/msix.c
+++ b/hw/msix.c
@@ -284,11 +284,13 @@ int msix_uninit(PCIDevice *dev)

 void msix_save(PCIDevice *dev, QEMUFile *f)
 {
-    unsigned nentries = (pci_get_word(dev->config + PCI_MSIX_FLAGS) &
-                         PCI_MSIX_FLAGS_QSIZE) + 1;
-    qemu_put_buffer(f, dev->msix_table_page, nentries * MSIX_ENTRY_SIZE);
-    qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING,
-                    (nentries + 7) / 8);
+    unsigned n = dev->msix_entries_nr;
+
+    if (!dev->cap_present & QEMU_PCI_CAP_MSIX)
+        return;
+
+    qemu_put_buffer(f, dev->msix_table_page, n * MSIX_ENTRY_SIZE);
+    qemu_put_buffer(f, dev->msix_table_page + MSIX_PAGE_PENDING, (n + 7) / 8);
 }

 /* Should be called after restoring the config space. */