From 748ccb6fef239888b674681bfb14b963dbf1e57a Mon Sep 17 00:00:00 2001
From: Alex Williamson <alex.williamson@redhat.com>
Date: Mon, 7 Jun 2010 15:08:36 -0300
Subject: [PATCH 5/6] device-assignment: don't truncate MSIX capabilities table size

RH-Author: Alex Williamson <alex.williamson@redhat.com>
Message-id: <20100607150707.1189.57874.stgit@virtlab9.virt.bos.redhat.com>
Patchwork-id: 9743
O-Subject: [RHEL6.0 qemu-kvm PATCH] device-assignment: don't truncate MSIX
	capabilities table size
Bugzilla: 596315
RH-Acked-by: Juan Quintela <quintela@redhat.com>
RH-Acked-by: Don Dutile <ddutile@redhat.com>
RH-Acked-by: Chris Wright <chrisw@redhat.com>
RH-Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com>

Bugzilla: 596315
Upstream commit: 413ce615484153757e5b974676beac32b6cb7750

PCI_MSIX_TABSIZE is 0x07ff

Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Acked-by: Chris Wright <chrisw@redhat.com>
Acked-by: Acked-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
---

 hw/device-assignment.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 hw/device-assignment.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/device-assignment.c b/hw/device-assignment.c
index d28dc71..d3f67da 100644
--- a/hw/device-assignment.c
+++ b/hw/device-assignment.c
@@ -895,7 +895,7 @@ static int assigned_dev_update_msix_mmio(PCIDevice *pci_dev)
     else
         pos = pci_dev->cap.start;
 
-    entries_max_nr = pci_dev->config[pos + 2];
+    entries_max_nr = *(uint16_t *)(pci_dev->config + pos + 2);
     entries_max_nr &= PCI_MSIX_TABSIZE;
     entries_max_nr += 1;
 
@@ -1077,8 +1077,8 @@ static int assigned_device_pci_cap_init(PCIDevice *pci_dev)
         entry_nr = assigned_dev_pci_read_word(pci_dev, pos + 2) &
                                                              PCI_MSIX_TABSIZE;
         pci_dev->config[pci_dev->cap.start + pci_dev->cap.length] = 0x11;
-        pci_dev->config[pci_dev->cap.start +
-                        pci_dev->cap.length + 2] = entry_nr;
+        *(uint16_t *)(pci_dev->config + pci_dev->cap.start +
+                      pci_dev->cap.length + 2) = entry_nr;
         msix_table_entry = assigned_dev_pci_read_long(pci_dev,
                                                       pos + PCI_MSIX_TABLE);
         *(uint32_t *)(pci_dev->config + pci_dev->cap.start +
-- 
1.7.0.3