From d0b482eb3e8cb699a2090bc773364d3a7d369a25 Mon Sep 17 00:00:00 2001
From: Vladimir Chtchetkine <vchtchetkine@google.com>
Date: Thu, 29 Sep 2011 15:54:52 -0700
Subject: Fix IRQ allocation for goldfish devices.

There were two issues fixed here:
1. IRQ allocation (for a device) has never been checked on going out of bounds.
2. In x86 platform some IRQs were reserved (for kbd, mouse, and exception), but IRQ allocation
for goldfish devices didn't check for those reserved IRQs being assigned to a device.

Change-Id: I9d48485d973bcc8fd8a3dd1b78fbfa6a05aeea22
---
 hw/goldfish_device.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'hw/goldfish_device.c')

diff --git a/hw/goldfish_device.c b/hw/goldfish_device.c
index e98161a..e3dbfcb 100644
--- a/hw/goldfish_device.c
+++ b/hw/goldfish_device.c
@@ -12,6 +12,7 @@
 #include "qemu_file.h"
 #include "arm_pic.h"
 #include "goldfish_device.h"
+#include "android/utils/debug.h"
 #ifdef TARGET_I386
 #include "kvm.h"
 #endif
@@ -59,6 +60,18 @@ int goldfish_add_device_no_io(struct goldfish_device *dev)
     if(dev->irq == 0 && dev->irq_count > 0) {
         dev->irq = goldfish_free_irq;
         goldfish_free_irq += dev->irq_count;
+#ifdef TARGET_I386
+        /* Make sure that we pass by the reserved IRQs. */
+        while (goldfish_free_irq == GFD_KBD_IRQ ||
+               goldfish_free_irq == GFD_MOUSE_IRQ ||
+               goldfish_free_irq == GFD_ERR_IRQ) {
+            goldfish_free_irq++;
+        }
+#endif
+        if (goldfish_free_irq >= GFD_MAX_IRQ) {
+            derror("Goldfish device has exceeded available IRQ number.");
+            exit(1);
+        }
     }
     //printf("goldfish_add_device: %s, base %x %x, irq %d %d\n",
     //       dev->name, dev->base, dev->size, dev->irq, dev->irq_count);
-- 
cgit v1.1