[Qemu-devel] [PATCH 62/97] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled
From: Michael Roth
Subject: [Qemu-devel] [PATCH 62/97] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled
Date: Mon, 1 Apr 2019 15:59:36 -0500
From: Mark Cave-Ayland <address@hidden>
Commit c8a35f1cf0f "fdc: use IsaDma interface instead of global DMA_*
functions" accidentally introduced a segfault in fdctrl_stop_transfer() for
non-DMA transfers.
If fdctrl->dma_chann has not been configured then the fdctrl->dma interface
reference isn't initialised during isabus_fdc_realize(). Unfortunately
fdctrl_stop_transfer() unconditionally references the DMA interface when
finishing the transfer causing a NULL pointer dereference.
Fix the issue by adding a check in fdctrl_stop_transfer() so that the DMA
interface reference and release method is only invoked if fdctrl->dma_chann
has been set.
(This issue was discovered by Martin testing a recent change in the NetBSD
installer under qemu-system-sparc)
Cc: address@hidden
Reported-by: Martin Husemann <address@hidden>
Signed-off-by: Mark Cave-Ayland <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Hervé Poussineau <address@hidden>
Reviewed-by: John Snow <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 441f6692ecc14859b77af2ac6d8f55e6f1354d3b)
Signed-off-by: Michael Roth <address@hidden>
---
hw/block/fdc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 2e9c1e1e2f..6f19f127a5 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1617,7 +1617,7 @@ static void fdctrl_stop_transfer(FDCtrl *fdctrl, uint8_t
status0,
fdctrl->fifo[5] = cur_drv->sect;
fdctrl->fifo[6] = FD_SECTOR_SC;
fdctrl->data_dir = FD_DIR_READ;
- if (!(fdctrl->msr & FD_MSR_NONDMA)) {
+ if (fdctrl->dma_chann != -1 && !(fdctrl->msr & FD_MSR_NONDMA)) {
IsaDmaClass *k = ISADMA_GET_CLASS(fdctrl->dma);
k->release_DREQ(fdctrl->dma, fdctrl->dma_chann);
}
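Review bot: the new guard keys on fdctrl->dma_chann rather than on the pointer that is actually dereferenced two lines later, fdctrl->dma. The commit message states the interface reference is only initialised when dma_chann is configured, so the two are equivalent today, but `if (fdctrl->dma && !(fdctrl->msr & FD_MSR_NONDMA))` would guard the dereference directly and keep working if the realize path ever sets dma without a channel (or vice versa). The `-1` sentinel is also a bare literal here; a named constant or a small `fdctrl_has_dma(fdctrl)` helper would make the invariant easier to reuse at any other site that touches fdctrl->dma, and the condition ordering (host-side configuration first, guest-visible MSR bit second) deserves a one-line comment, since the MSR bit alone was what the pre-patch code wrongly trusted.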
--
2.17.1
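As an added example that is not part of this patch or of QEMU: a reduced C model of the optional-DMA pattern the hunk fixes. It reuses the names visible in the diff (FDCtrl, dma_chann, FD_MSR_NONDMA, release_DREQ), but every type, bit value, channel number and function body is an assumption made for the example. The pre-patch and patched stop paths sit side by side so the failure mode on a board that never wires a DMA channel can be seen and checked.

```c
/* Added example (not QEMU code): a reduced model of the pattern fixed by the
 * patch. Names mirror the diff; types, bit values and bodies are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FD_MSR_NONDMA 0x20      /* assumed bit position; only its presence matters */
#define FD_NO_DMA_CHANN (-1)    /* the "not configured" sentinel the diff tests for */

typedef struct IsaDma IsaDma;

/* Assumed shape of the IsaDma class: a single release_DREQ method. */
typedef struct {
    void (*release_DREQ)(IsaDma *obj, int nchan);
} IsaDmaClass;

struct IsaDma {
    IsaDmaClass *klass;
    int dreq_held[8];           /* per-channel DREQ state, for observability */
};

typedef struct {
    uint8_t msr;                /* main status register; the NONDMA bit lives here */
    IsaDma *dma;                /* NULL when the board never wired a DMA controller */
    int dma_chann;              /* FD_NO_DMA_CHANN when no channel was configured */
} FDCtrl;

static void model_release_DREQ(IsaDma *obj, int nchan)
{
    if (nchan >= 0 && nchan < 8) {
        obj->dreq_held[nchan] = 0;
    }
}

/* Which branch the stop path took, so a caller (or test) can observe it. */
enum stop_result { STOP_NODMA = 0, STOP_RELEASED = 1, STOP_NULL_DEREF = 2 };

/* Pre-patch logic: dereferences fdctrl->dma whenever MSR says "DMA mode".
 * The NULL check stands in for the segfault; the real code had no such check. */
static enum stop_result stop_transfer_unguarded(FDCtrl *fdctrl)
{
    if (!(fdctrl->msr & FD_MSR_NONDMA)) {
        if (fdctrl->dma == NULL) {
            return STOP_NULL_DEREF;
        }
        IsaDmaClass *k = fdctrl->dma->klass;
        k->release_DREQ(fdctrl->dma, fdctrl->dma_chann);
        return STOP_RELEASED;
    }
    return STOP_NODMA;
}

/* Patched logic: the host-side configuration (dma_chann) gates the
 * dereference, not only the guest-visible register state. */
static enum stop_result stop_transfer_guarded(FDCtrl *fdctrl)
{
    if (fdctrl->dma_chann != FD_NO_DMA_CHANN && !(fdctrl->msr & FD_MSR_NONDMA)) {
        IsaDmaClass *k = fdctrl->dma->klass;   /* dma is non-NULL whenever dma_chann is set */
        k->release_DREQ(fdctrl->dma, fdctrl->dma_chann);
        return STOP_RELEASED;
    }
    return STOP_NODMA;
}

/* Build a controller for a board with or without DMA and stop one transfer.
 * MSR is left without FD_MSR_NONDMA in both cases: the diff shows the crash
 * happened on exactly that path, so register state alone is not a safe guard. */
static enum stop_result simulate(int board_has_dma, int use_patched)
{
    IsaDmaClass cls = { .release_DREQ = model_release_DREQ };
    IsaDma dma = { .klass = &cls };
    FDCtrl fdctrl = { .msr = 0, .dma = NULL, .dma_chann = FD_NO_DMA_CHANN };

    if (board_has_dma) {
        fdctrl.dma = &dma;
        fdctrl.dma_chann = 2;   /* assumed channel number for the example */
        dma.dreq_held[2] = 1;
    }
    return use_patched ? stop_transfer_guarded(&fdctrl)
                       : stop_transfer_unguarded(&fdctrl);
}

int main(void)
{
    static const char *names[] = { "no DMA release needed", "DREQ released", "NULL dereference" };
    printf("no-DMA board, unpatched: %s\n", names[simulate(0, 0)]);
    printf("no-DMA board, patched:   %s\n", names[simulate(0, 1)]);
    printf("DMA board,    unpatched: %s\n", names[simulate(1, 0)]);
    printf("DMA board,    patched:   %s\n", names[simulate(1, 1)]);
    return 0;
}
```

The point the model makes is the one the message describes: the NONDMA bit in MSR describes the transfer the controller is in, not whether the board ever attached a DMA controller, so a host-side pointer has to be gated by host-side configuration (dma_chann), and the unguarded path on a no-DMA board is where the crash seen under qemu-system-sparc comes from.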