From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 18/20] ahci.c: Don't assume AHCIState's parent is AHCIPCIState
Date: Tue, 8 Sep 2015 17:51:30 +0100
Message-ID: <1441731092-6513-19-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1441731092-6513-1-git-send-email-peter.maydell@linaro.org>
From: Alistair Francis <alistair.francis@xilinx.com>
The AHCIState struct can either have AHCIPCIState or SysbusAHCIState
as a parent. The ahci_irq_lower() and ahci_irq_raise() functions
assume that it is always AHCIPCIState, which is not always the
case, which causes a seg fault. Verify what the container of AHCIState
is before setting the PCIDevice struct.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: John Snow <jsnow@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ide/ahci.c | 13 +++++++------
hw/ide/ahci.h | 2 ++
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 02d85fa..d83efa4 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -121,9 +121,9 @@ static uint32_t ahci_port_read(AHCIState *s, int port, int offset)
static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
{
- AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
- PCIDevice *pci_dev =
- (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE);
+ DeviceState *dev_state = s->container;
+ PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state),
+ TYPE_PCI_DEVICE);
DPRINTF(0, "raise irq\n");
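Review bot: pci_dev in ahci_irq_raise() is now NULL by design whenever s->container is not a TYPE_PCI_DEVICE (the sysbus parent named in the commit message), and the code that consumes pci_dev lies outside this hunk, so please confirm that every use further down is guarded by a NULL check before it is dereferenced. As a style point, the new initialiser writes the cast as "(PCIDevice *) object_dynamic_cast(" with a space after the cast, where the removed line had "(PCIDevice *)object_dynamic_cast("; keeping the old spacing avoids mixing both forms in the file.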
@@ -136,9 +136,9 @@ static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev)
{
- AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
- PCIDevice *pci_dev =
- (PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE);
+ DeviceState *dev_state = s->container;
+ PCIDevice *pci_dev = (PCIDevice *) object_dynamic_cast(OBJECT(dev_state),
+ TYPE_PCI_DEVICE);
DPRINTF(0, "lower irq\n");
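Review bot: the two-line lookup at the top of ahci_irq_lower() is a verbatim copy of the one added to ahci_irq_raise(), so the "what is my container, and is it a PCI device" logic now lives in two places. A small static helper that takes the AHCIState and returns the PCIDevice pointer (or NULL) would keep the two IRQ paths from drifting apart if the container handling changes again.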
@@ -1436,6 +1436,7 @@ void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports)
s->as = as;
s->ports = ports;
s->dev = g_new0(AHCIDevice, ports);
+ s->container = qdev;
ahci_reg_init(s);
/* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s,
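Review bot: s->container is assigned only here in ahci_init(), so ahci_irq_raise() and ahci_irq_lower() now silently depend on ahci_init() having run with a valid qdev before any interrupt is raised or lowered. Since qdev is already used as the owner in the memory_region_init_io() call just below, an assert(qdev) ahead of "s->container = qdev;" would make that precondition explicit instead of leaving a NULL container to surface later in the IRQ path.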
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index c055d6b..c9b3805 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -287,6 +287,8 @@ struct AHCIDevice {
};
typedef struct AHCIState {
+ DeviceState *container;
+
AHCIDevice *dev;
AHCIControlRegs control_regs;
MemoryRegion mem;
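Review bot: the new "DeviceState *container;" member at the top of AHCIState has no comment, and the name alone does not say what it points to or who owns it. A one-line comment stating that it is the parent device embedding this AHCIState (AHCIPCIState or SysbusAHCIState per the commit message), that it is set by ahci_init(), and that it is a borrowed pointer rather than a held reference would save the next reader from having to rediscover that.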
--
1.9.1