From: Laurent Vivier
Date: Thu, 7 Aug 2025 11:08:06 +0000 (+0200)
Subject: e1000e: Prevent crash from legacy interrupt firing after MSI-X enable
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e4649cac9bcddc050d2df07908075e9e69bccc7;p=thirdparty%2Fqemu.git

e1000e: Prevent crash from legacy interrupt firing after MSI-X enable

A race condition between guest driver actions and QEMU timers can lead to an assertion failure when the guest switches the e1000e from legacy interrupt mode to MSI-X. If a legacy interrupt delay timer (TIDV or RDTR) is active, but the guest enables MSI-X before the timer fires, the pending interrupt cause can trigger an assert in e1000e_intmgr_collect_delayed_causes().

This patch removes the assertion and executes the code that clears the pending legacy causes.

This change is safe and introduces no unintended behavioral side effects, as it only alters a state that previously led to termination.

- when core->delayed_causes == 0 the function was already a no-op and remains so.
- when core->delayed_causes != 0 the function would previously crash due to the assertion failure. The patch now defines a safe outcome by clearing the cause and returning. Since behavior after the assertion never existed, this simply corrects the crash.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1863
Suggested-by: Akihiko Odaki
Signed-off-by: Laurent Vivier
Acked-by: Jason Wang
Reviewed-by: Akihiko Odaki
Message-ID: <20250807110806.409065-1-lvivier@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé
---
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index 24138587905..06657bb3ac5 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -341,11 +341,6 @@ e1000e_intmgr_collect_delayed_causes(E1000ECore *core) { uint32_t res; - if (msix_enabled(core->owner)) { - assert(core->delayed_causes == 0); - return 0; - } - res = core->delayed_causes; core->delayed_causes = 0;
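Review bot: The hunk changes the MSI-X return value, not just the assertion, and the commit message does not say so. The removed block returned 0 whenever msix_enabled(core->owner) was true; with it gone, the remaining context (res = core->delayed_causes; core->delayed_causes = 0;) means the function now hands the stale legacy causes back to its caller in MSI-X mode instead of discarding them, while the message only says the patch "clears the cause and returns". Either state explicitly that delivering those causes through the normal path under MSI-X is the intended behaviour, or keep a guarded early exit that clears core->delayed_causes and still returns 0 when msix_enabled(core->owner) holds, so the only behavioural change is the crash going away. A one-line comment at the clearing site explaining why delayed causes can be non-zero after an MSI-X switch (the TIDV/RDTR timer race described in the message) would also help the next reader, since the assert that used to document that assumption is gone.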