From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NUfOo-0005QV-Gi
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 06:59:02 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NUfOj-0005Ma-CA
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 06:59:01 -0500
Received: from [199.232.76.173] (port=52116 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NUfOi-0005M6-UL
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 06:58:57 -0500
Received: from cantor2.suse.de ([195.135.220.15]:58128 helo=mx2.suse.de)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <agraf@suse.de>) id 1NUfOi-0003wo-6M
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 06:58:56 -0500
From: Alexander Graf <agraf@suse.de>
Date: Tue, 12 Jan 2010 12:58:45 +0100
Message-Id: <1263297526-13518-9-git-send-email-agraf@suse.de>
In-Reply-To: <1263297526-13518-1-git-send-email-agraf@suse.de>
References: <1263297526-13518-1-git-send-email-agraf@suse.de>
Subject: [Qemu-devel] [PATCH 8/9] PPC: Get rid of segfaults in DBDMA
	emulation
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: QEMU Developers <qemu-devel@nongnu.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>

While trying to find the right channel number for the DBDMA emulation I
stumbled across segmentation faults that were purely triggered by the guest.

The guest should never have the possiblity to segfault us, so let's check
all indirect function calls on a channel, so the code even works for channels
that have not been reserved.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/mac_dbdma.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/mac_dbdma.c b/hw/mac_dbdma.c
index 8ec3d99..8f94c35 100644
--- a/hw/mac_dbdma.c
+++ b/hw/mac_dbdma.c
@@ -402,7 +402,9 @@ static void start_output(DBDMA_channel *ch, int key, uint32_t addr,
     ch->io.dma_end = dbdma_end;
     ch->io.is_dma_out = 1;
     ch->processing = 1;
-    ch->rw(&ch->io);
+    if (ch->rw) {
+        ch->rw(&ch->io);
+    }
 }
 
 static void start_input(DBDMA_channel *ch, int key, uint32_t addr,
@@ -425,7 +427,9 @@ static void start_input(DBDMA_channel *ch, int key, uint32_t addr,
     ch->io.dma_end = dbdma_end;
     ch->io.is_dma_out = 0;
     ch->processing = 1;
-    ch->rw(&ch->io);
+    if (ch->rw) {
+        ch->rw(&ch->io);
+    }
 }
 
 static void load_word(DBDMA_channel *ch, int key, uint32_t addr,
@@ -688,7 +692,7 @@ dbdma_control_write(DBDMA_channel *ch)
 
     if (status & ACTIVE)
         qemu_bh_schedule(dbdma_bh);
-    if (status & FLUSH)
+    if ((status & FLUSH) && ch->flush)
         ch->flush(&ch->io);
 }
 
-- 
1.6.0.2