Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transf

From:	Hervé Poussineau
Subject:	Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled
Date:	Mon, 12 Nov 2018 19:03:43 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1

Le 11/11/2018 à 10:40, Mark Cave-Ayland a écrit :

Commit c8a35f1cf0f "fdc: use IsaDma interface instead of global DMA_*
functions" accidentally introduced a segfault in fdctrl_stop_transfer() for
non-DMA transfers.

If fdctrl->dma_chann has not been configured then the fdctrl->dma interface
reference isn't initialised during isabus_fdc_realize(). Unfortunately
fdctrl_stop_transfer() unconditionally references the DMA interface when
finishing the transfer causing a NULL pointer dereference.

Fix the issue by adding a check in fdctrl_stop_transfer() so that the DMA
interface reference and release method is only invoked if fdctrl->dma_chann
has been set.

(This issue was discovered by Martin testing a recent change in the NetBSD
installer under qemu-system-sparc)

Reported-by: Martin Husemann <address@hidden>
Signed-off-by: Mark Cave-Ayland <address@hidden>


Reviewed-by: Hervé Poussineau <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, Mark Cave-Ayland, 2018/11/11
- Re: [Qemu-block] [Qemu-devel] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, Philippe Mathieu-Daudé, 2018/11/11
- Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, Hervé Poussineau <=
- Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, John Snow, 2018/11/12
  - Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, Kevin Wolf, 2018/11/13
    - Re: [Qemu-block] [Qemu-devel] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, John Snow, 2018/11/13
    - Re: [Qemu-block] [Qemu-devel] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, Mark Cave-Ayland, 2018/11/18
    - Re: [Qemu-block] [Qemu-devel] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, Kevin Wolf, 2018/11/19

Prev by Date: Re: [Qemu-block] [RFC PATCH 0/2] Acceptance tests for qemu-img
Next by Date: Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled
Previous by thread: Re: [Qemu-block] [Qemu-devel] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled
Next by thread: Re: [Qemu-block] [PATCH for-3.1] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled
Index(es):
- Date
- Thread