| Message ID | 1353435411-24349-1-git-send-email-peter.maydell@linaro.org |
|---|---|
| State | Accepted |
| Commit | d688e5239aad2a1f991147974832ce026f78c1a3 |
On 20.11.2012, at 19:16, Peter Maydell wrote: > Pass qemu_sglist_init the global dma_context_memory rather than a NULL > pointer; this fixes a segfault in dma_memory_map() when the guest > starts using DMA. > > Reported-by: Amadeusz Sławiński <amade@asmblr.net> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Thanks, applied to ppc-next. Alex > --- > Test case: download the squeeze standard image from > http://people.debian.org/~aurel32/qemu/powerpc/ > and run with > qemu-system-ppc -hda debian_squeeze_powerpc_standard.qcow2 > Without this patch it will crash as soon as Linux tries to > talk to the disk (the boot loader is OK as it doesn't DMA). > > Obvious for-1.3 bugfix. > > hw/ide/macio.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/hw/ide/macio.c b/hw/ide/macio.c > index 720af6e..d2edcc0 100644 > --- a/hw/ide/macio.c > +++ b/hw/ide/macio.c > @@ -76,7 +76,8 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret) > > s->io_buffer_size = io->len; > > - qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL); > + qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, > + &dma_context_memory); > qemu_sglist_add(&s->sg, io->addr, io->len); > io->addr += io->len; > io->len = 0; > @@ -132,7 +133,8 @@ static void pmac_ide_transfer_cb(void *opaque, int ret) > s->io_buffer_index = 0; > s->io_buffer_size = io->len; > > - qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL); > + qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, > + &dma_context_memory); > qemu_sglist_add(&s->sg, io->addr, io->len); > io->addr += io->len; > io->len = 0; > -- > 1.7.9.5 >
diff --git a/hw/ide/macio.c b/hw/ide/macio.c index 720af6e..d2edcc0 100644 --- a/hw/ide/macio.c +++ b/hw/ide/macio.c @@ -76,7 +76,8 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret) s->io_buffer_size = io->len; - qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL); + qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, + &dma_context_memory); qemu_sglist_add(&s->sg, io->addr, io->len); io->addr += io->len; io->len = 0; @@ -132,7 +133,8 @@ static void pmac_ide_transfer_cb(void *opaque, int ret) s->io_buffer_index = 0; s->io_buffer_size = io->len; - qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL); + qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, + &dma_context_memory); qemu_sglist_add(&s->sg, io->addr, io->len); io->addr += io->len; io->len = 0;
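Review bot: in the pmac_ide_atapi_transfer_cb hunk, swapping the NULL for `&dma_context_memory` is the right context for a device that DMAs straight into guest physical memory with no IOMMU in front of it, but nothing in the call path stops the NULL from coming back: the commit message says dma_memory_map() dereferences the context, which is why the guest could take QEMU down simply by starting disk DMA. Consider adding an `assert(dma != NULL)` (or an equivalent early check) at the top of qemu_sglist_init, so any future caller that passes NULL fails at list-init time with a clear message instead of as a segfault deep in the mapping path.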
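Review bot: the pmac_ide_transfer_cb hunk is the identical two-line change made in the ATAPI callback, and the surrounding `qemu_sglist_init` / `qemu_sglist_add(&s->sg, io->addr, io->len)` / `io->addr += io->len; io->len = 0;` sequence is duplicated verbatim in both callbacks. A small static helper in macio.c (a hypothetical macio_dma_sglist_init(s, io), say) would keep the DMA context and the list setup in one place, so the PIO and ATAPI paths cannot drift apart again the way the NULL argument did; the continuation line `+ &dma_context_memory);` should also be aligned with the opening parenthesis to match the file's existing style.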
Pass qemu_sglist_init the global dma_context_memory rather than a NULL
pointer; this fixes a segfault in dma_memory_map() when the guest
starts using DMA.

Reported-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
Test case: download the squeeze standard image from
http://people.debian.org/~aurel32/qemu/powerpc/
and run with
qemu-system-ppc -hda debian_squeeze_powerpc_standard.qcow2
Without this patch it will crash as soon as Linux tries to
talk to the disk (the boot loader is OK as it doesn't DMA).

Obvious for-1.3 bugfix.

hw/ide/macio.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)