From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59404)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hpoussin@reactos.org>) id 1ZIhzb-00070A-Jl
	for qemu-devel@nongnu.org; Fri, 24 Jul 2015 14:46:48 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <hpoussin@reactos.org>) id 1ZIhzX-00086D-2D
	for qemu-devel@nongnu.org; Fri, 24 Jul 2015 14:46:47 -0400
Received: from smtp2-g21.free.fr ([212.27.42.2]:14805)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hpoussin@reactos.org>) id 1ZIhzW-00085m-Sj
	for qemu-devel@nongnu.org; Fri, 24 Jul 2015 14:46:42 -0400
From: =?UTF-8?q?Herv=C3=A9=20Poussineau?= <hpoussin@reactos.org>
Date: Fri, 24 Jul 2015 20:42:22 +0200
Message-Id: <1437763343-7980-3-git-send-email-hpoussin@reactos.org>
In-Reply-To: <1437763343-7980-1-git-send-email-hpoussin@reactos.org>
References: <1437763343-7980-1-git-send-email-hpoussin@reactos.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH for 2.4 2/3] net/dp8393x: specify memory
	operations for PROM PROM
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: =?UTF-8?q?Herv=C3=A9=20Poussineau?= <hpoussin@reactos.org>, Leon Alrae <leon.alrae@imgtec.com>, Aurelien Jarno <aurelien@aurel32.net>

This fixes a guest-triggerable QEMU crash when guest tries to write to PR=
OM.

Signed-off-by: Herv=C3=A9 Poussineau <hpoussin@reactos.org>
---
 hw/net/dp8393x.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 8fafdb0..55168b5 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -601,6 +601,16 @@ static const MemoryRegionOps dp8393x_ops =3D {
     .endianness =3D DEVICE_NATIVE_ENDIAN,
 };
=20
+static bool dp8393x_rom_accepts(void *opaque, hwaddr addr, unsigned int =
size,
+                                bool is_write)
+{
+    return !is_write;
+}
+
+static const MemoryRegionOps dp8393x_rom_ops =3D {
+    .valid.accepts =3D dp8393x_rom_accepts,
+};
+
 static void dp8393x_watchdog(void *opaque)
 {
     dp8393xState *s =3D opaque;
@@ -840,7 +850,7 @@ static void dp8393x_realize(DeviceState *dev, Error *=
*errp)
     s->watchdog =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s=
);
     s->regs[SONIC_SR] =3D 0x0004; /* only revision recognized by Linux *=
/
=20
-    memory_region_init_rom_device(&s->prom, OBJECT(dev), NULL, NULL,
+    memory_region_init_rom_device(&s->prom, OBJECT(dev), &dp8393x_rom_op=
s, NULL,
                                   "dp8393x-prom", SONIC_PROM_SIZE, NULL)=
;
     prom =3D memory_region_get_ram_ptr(&s->prom);
     checksum =3D 0;
--=20
2.1.4