[Qemu-block] [PATCH 0/4] ahci: unmap fixes

From: John Snow
Subject: [Qemu-block] [PATCH 0/4] ahci: unmap fixes
Date: Fri, 29 Jan 2016 16:41:25 -0500

As reported by Zuozhi fzz <address@hidden>, there's a problem
you can expose in AHCI by rewriting the command list buffer and/or FIS
receive buffer addresses, then re-starting the AHCI device before bringing
it to a stop. Depending on the success of the remap operations, you may
be able to transition the device to a state where it thinks it is "running"
but no longer has a guest memory mapping.

When you try to transition it to the stopped state, QEMU crashes.

Tighten up the start/stop conditions, and pepper in a paranoia check inside
of the unmap function.


For convenience, this branch is available at:
https://github.com/jnsnow/qemu.git branch ahci-unmap-fixes

This version is tagged ahci-unmap-fixes-v1:

John Snow (4):
  ahci: Do not unmap NULL addresses
  ahci: handle LIST_ON and FIS_ON in map helpers
  ahci: explicitly reject bad engine states on post_load
  ahci: prohibit "restarting" the FIS or CLB engines

 hw/ide/ahci.c | 96 ++++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 59 insertions(+), 37 deletions(-)
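The sequence the cover letter describes (start an engine with a valid buffer address, overwrite the address with one that cannot be mapped, "restart" without stopping, then stop) can be modelled as a small state machine. The block below is an added illustration, not code from QEMU's hw/ide/ahci.c or from this patch series; every name, constant and the simulated guest RAM window are invented for the example. It pairs an unfixed start/stop pair, which reaches the "running but unmapped" state and then unmaps NULL on stop, with a hardened pair that applies the three guards the series lists: refuse to restart a running engine, stay stopped when the mapping fails, and never pass NULL to the unmap helper. A `crashed` flag stands in for the QEMU crash so the model can be run and checked offline.

```c
/* Hypothetical model of one AHCI port engine (CLB or FIS receive), written
 * to illustrate the start/stop bug described in the cover letter. This is
 * NOT QEMU's hw/ide/ahci.c; all names, sizes and addresses are invented. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed guest physical RAM window: the only range DMA can map. */
#define GUEST_RAM_BASE 0x1000u
#define GUEST_RAM_SIZE 0x8000u
static uint8_t guest_ram[GUEST_RAM_SIZE];

struct engine {
    uint64_t base;     /* guest physical address the guest programmed */
    size_t   len;      /* size of the structure to map */
    uint8_t *mapped;   /* host pointer, NULL when nothing is mapped */
    bool     on;       /* engine believes it is running */
    bool     crashed;  /* stands in for a QEMU abort/segfault */
};

/* Map a guest range to host memory; returns NULL outside guest RAM, which
 * is what a guest provokes by writing a bogus CLB/FIS address. */
static uint8_t *dma_map(uint64_t addr, size_t len)
{
    if (addr < GUEST_RAM_BASE || addr - GUEST_RAM_BASE + len > GUEST_RAM_SIZE) {
        return NULL;
    }
    return guest_ram + (addr - GUEST_RAM_BASE);
}

/* Unmapping a pointer that was never mapped is the crash in the report. */
static void dma_unmap(struct engine *e, uint8_t *p)
{
    if (p == NULL) {
        e->crashed = true;
    }
    e->mapped = NULL;
}

/* Before: start re-maps unconditionally and marks the engine running
 * whether or not the new mapping succeeded. */
static void engine_start_unfixed(struct engine *e)
{
    if (e->mapped) {
        dma_unmap(e, e->mapped);
    }
    e->mapped = dma_map(e->base, e->len);
    e->on = true;                 /* "running" even when mapped == NULL */
}

static void engine_stop_unfixed(struct engine *e)
{
    dma_unmap(e, e->mapped);      /* NULL here -> crash */
    e->on = false;
}

/* After: reject a restart of a running engine, refuse to go "on" without a
 * mapping, and never hand NULL to the unmap helper. */
static bool engine_start_fixed(struct engine *e)
{
    if (e->on) {
        return false;             /* must stop before remapping */
    }
    e->mapped = dma_map(e->base, e->len);
    if (e->mapped == NULL) {
        return false;             /* stay stopped; nothing to unmap later */
    }
    e->on = true;
    return true;
}

static void engine_stop_fixed(struct engine *e)
{
    if (e->mapped != NULL) {      /* paranoia check: never unmap NULL */
        dma_unmap(e, e->mapped);
    }
    e->on = false;
}

/* Guest-driven sequence from the report: start with a good address, rewrite
 * the base to a bogus one, start again without stopping, then stop.
 * Returns true if the model "crashed". */
static bool run_sequence(bool fixed)
{
    struct engine e = { .base = GUEST_RAM_BASE, .len = 1024 };
    uint64_t bogus = 0xdead0000u;  /* constructed address outside guest RAM */
    if (fixed) {
        engine_start_fixed(&e);
        e.base = bogus;
        engine_start_fixed(&e);    /* rejected: still on, mapping intact */
        engine_stop_fixed(&e);
    } else {
        engine_start_unfixed(&e);
        e.base = bogus;
        engine_start_unfixed(&e);  /* old mapping dropped, new map fails, still "on" */
        engine_stop_unfixed(&e);   /* unmap(NULL) */
    }
    return e.crashed;
}

int main(void)
{
    printf("unfixed: %s\n", run_sequence(false) ? "crashed" : "ok");
    printf("fixed:   %s\n", run_sequence(true) ? "crashed" : "ok");
    return 0;
}
```

The model deliberately keeps the guards independent: the restart rejection alone would block this exact sequence, but the NULL check in the stop path still matters for any other route (for example, a restored migration state, which the third patch in the series addresses separately) that could leave an engine "on" without a mapping.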

