[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/4] ahci: unmap fixes
|
From: |
John Snow |
|
Subject: |
Re: [Qemu-devel] [PATCH 0/4] ahci: unmap fixes |
|
Date: |
Mon, 8 Feb 2016 11:53:45 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 |
PJP, ping? Look good?
On 01/29/2016 04:41 PM, John Snow wrote:
> As reported by Zuozhi fzz <address@hidden>, there's a problem
> you can expose in AHCI by rewriting the command list buffer and/or FIS
> receive buffer addresses, then re-starting the AHCI device before bringing
> it to a stop. Depending on the success of the remap operations, you may
> be able to transition the device to a state where it thinks it is "running"
> but no longer has a guest memory mapping.
>
> When you try to transition it to the stopped state, QEMU crashes.
>
> Tighten up the start/stop conditions, and pepper in a paranoia check inside
> of the unmap function.
>
> ________________________________________________________________________________
>
> For convenience, this branch is available at:
> https://github.com/jnsnow/qemu.git branch ahci-unmap-fixes
> https://github.com/jnsnow/qemu/tree/ahci-unmap-fixes
>
> This version is tagged ahci-unmap-fixes-v1:
> https://github.com/jnsnow/qemu/releases/tag/ahci-unmap-fixes-v1
>
> John Snow (4):
> ahci: Do not unmap NULL addresses
> ahci: handle LIST_ON and FIS_ON in map helpers
> ahci: explicitly reject bad engine states on post_load
> ahci: prohibit "restarting" the FIS or CLB engines
>
> hw/ide/ahci.c | 96
> ++++++++++++++++++++++++++++++++++++-----------------------
> 1 file changed, 59 insertions(+), 37 deletions(-)
>
- Re: [Qemu-devel] [PATCH 0/4] ahci: unmap fixes,
John Snow <=