From patchwork Tue Nov 20 18:16:51 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 13014
Return-Path: <patch+caf_=linaro-patchwork=canonical.com@linaro.org>
X-Original-To: patchwork@peony.canonical.com
Delivered-To: patchwork@peony.canonical.com
Received: from fiordland.canonical.com (fiordland.canonical.com
 [91.189.94.145])
 by peony.canonical.com (Postfix) with ESMTP id DD38723FC0
 for <patchwork@peony.canonical.com>;
 Tue, 20 Nov 2012 18:16:58 +0000 (UTC)
Received: from mail-ie0-f180.google.com (mail-ie0-f180.google.com
 [209.85.223.180])
 by fiordland.canonical.com (Postfix) with ESMTP id 8F0FCA183E1
 for <linaro-patchwork@canonical.com>;
 Tue, 20 Nov 2012 18:16:58 +0000 (UTC)
Received: by mail-ie0-f180.google.com with SMTP id e10so8627339iej.11
 for <linaro-patchwork@canonical.com>;
 Tue, 20 Nov 2012 10:16:58 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=x-forwarded-to:x-forwarded-for:delivered-to:received-spf:from:to:cc
 :subject:date:message-id:x-mailer:mime-version:content-type
 :content-transfer-encoding:x-gm-message-state;
 bh=k4t3toER1b0ZYQ1cCHhLVhdMzH68OBQu4wpnWUUN01c=;
 b=Jq90EoyboTLWcNp3P7aXZm2ccXON6fHnV9kikpGUAOIG8dZSlEZ/A16gKojSPkJlCQ
 FPvaZhaWWSmh2UY1SBj1fFCV8l9/8Pt3SH8yXMoWSS+OfZOrbypqn5r2T/aGV4G565S0
 Ii56n0Q+VWdOvj8G0q0eNAGp7ODonpSfCOMPEt9dCd/bHACrQcRqHAWQ61m6f5FliDSl
 8EAol/PQS4nJebfRw5HRZMwx+LTSBqtxtGsoxRGevSBc+fxQbzb5Jjd/u8jeaB1h18C+
 mDd7LwfCLio6nvjDCDPdXc4jE3ASM3IJikX61FPX/vhc222eLKShKZ3hNo9vNRXMr8P8
 3EFg==
Received: by 10.50.186.199 with SMTP id fm7mr10793787igc.62.1353435417870;
 Tue, 20 Nov 2012 10:16:57 -0800 (PST)
X-Forwarded-To: linaro-patchwork@canonical.com
X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com
Delivered-To: patches@linaro.org
Received: by 10.50.67.148 with SMTP id n20csp363686igt;
 Tue, 20 Nov 2012 10:16:57 -0800 (PST)
Received: by 10.180.99.1 with SMTP id em1mr13176867wib.17.1353435416518;
 Tue, 20 Nov 2012 10:16:56 -0800 (PST)
Received: from mnementh.archaic.org.uk
 (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.1.0.0.b.8.0.1.0.0.2.ip6.arpa.
 [2001:8b0:1d0::1]) by mx.google.com with ESMTPS id
 v52si2914342wed.125.2012.11.20.10.16.55
 (version=TLSv1/SSLv3 cipher=OTHER);
 Tue, 20 Nov 2012 10:16:56 -0800 (PST)
Received-SPF: neutral (google.com: 2001:8b0:1d0::1 is neither permitted nor
 denied by best guess record for domain of
 pm215@archaic.org.uk) client-ip=2001:8b0:1d0::1; 
Authentication-Results: mx.google.com;
 spf=neutral (google.com: 2001:8b0:1d0::1 is neither
 permitted nor denied by best guess record for domain of
 pm215@archaic.org.uk) smtp.mail=pm215@archaic.org.uk
Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.72)
 (envelope-from <pm215@archaic.org.uk>)
 id 1TasNP-0006LA-EW; Tue, 20 Nov 2012 18:16:51 +0000
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, Alexander Graf <agraf@suse.de>,
 =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>,
 Anthony Liguori <aliguori@us.ibm.com>
Subject: [PATCH for-1.3] hw/ide/macio: Fix segfault caused by NULL DMAContext*
Date: Tue, 20 Nov 2012 18:16:51 +0000
Message-Id: <1353435411-24349-1-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 1.7.2.5
MIME-Version: 1.0
X-Gm-Message-State: ALoCoQkFpludVblT3zo+COhfuq5DFN9xwnfeWwQAF80wCFMBhiPRNfP+YIayfEOL0RBOyDNvKw5H

Pass qemu_sglist_init the global dma_context_memory rather than a NULL
pointer; this fixes a segfault in dma_memory_map() when the guest
starts using DMA.

Reported-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
Test case: download the squeeze standard image from
http://people.debian.org/~aurel32/qemu/powerpc/
and run with
  qemu-system-ppc -hda debian_squeeze_powerpc_standard.qcow2
Without this patch it will crash as soon as Linux tries to
talk to the disk (the boot loader is OK as it doesn't DMA).

Obvious for-1.3 bugfix.

 hw/ide/macio.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 720af6e..d2edcc0 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -76,7 +76,8 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
 
     s->io_buffer_size = io->len;
 
-    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL);
+    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
+                     &dma_context_memory);
     qemu_sglist_add(&s->sg, io->addr, io->len);
     io->addr += io->len;
     io->len = 0;
@@ -132,7 +133,8 @@ static void pmac_ide_transfer_cb(void *opaque, int ret)
     s->io_buffer_index = 0;
     s->io_buffer_size = io->len;
 
-    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL);
+    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
+                     &dma_context_memory);
     qemu_sglist_add(&s->sg, io->addr, io->len);
     io->addr += io->len;
     io->len = 0;