From: Anton Nefedov
Subject: Re: [Qemu-ppc] [PATCH] macio: fix NULL pointer dereference when issuing IDE trim
Date: Mon, 26 Feb 2018 11:56:19 +0300
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
On 23/2/2018 9:47 PM, Mark Cave-Ayland wrote:
Commit ef0e64a983 "ide: pass IDEState to trim AIO callback" changed the IDE trim callback from using a BlockBackend to an IDEState but forgot to update the dma_blk_io() call in hw/ide/macio.c accordingly.
I somehow missed this whole macio part in that series :(
Without this fix qemu-system-ppc segfaults when issuing an IDE trim command on any of the PPC Mac machines (easily triggered by running the Debian installer).

Reported-by: Howard Spoelstra <address@hidden>
Signed-off-by: Mark Cave-Ayland <address@hidden>
Reviewed-by: Anton Nefedov <address@hidden>

...but there should also be a fix-up for 947858b "ide: abort TRIM operation for invalid range", which apparently lacks a few steps on the invalid range error path for macio. I'll look into that.
--- hw/ide/macio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/ide/macio.c b/hw/ide/macio.c index 2e043ef1ea..d3a85cba3b 100644 --- a/hw/ide/macio.c +++ b/hw/ide/macio.c @@ -187,7 +187,7 @@ static void pmac_ide_transfer_cb(void *opaque, int ret) break; case IDE_DMA_TRIM: s->bus->dma->aiocb = dma_blk_io(blk_get_aio_context(s->blk), &s->sg, - offset, 0x1, ide_issue_trim, s->blk, + offset, 0x1, ide_issue_trim, s, pmac_ide_transfer_cb, io, DMA_DIRECTION_TO_DEVICE); break;
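Review bot: the commit message identifies ef0e64a983 as the commit that changed the trim callback's opaque but carries no Fixes: trailer; add `Fixes: ef0e64a983 ("ide: pass IDEState to trim AIO callback")` next to Reported-by/Signed-off-by so the fix stays tied to the regression for stable backports. The hunk itself is the right one-line change in the IDE_DMA_TRIM arm of pmac_ide_transfer_cb(): ide_issue_trim() now expects the IDEState, so passing `s` rather than `s->blk` as the dma_blk_io() opaque restores the type the callback dereferences, with the remaining arguments (`&s->sg`, `offset`, `0x1`, `pmac_ide_transfer_cb`, `io`, `DMA_DIRECTION_TO_DEVICE`) left untouched. As the reply notes, the invalid-range abort path introduced by 947858b is not covered here and needs its own macio follow-up.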