From: John Snow
Date: Fri, 29 Jan 2016 16:41:25 -0500
Message-Id: <1454103689-13042-1-git-send-email-jsnow@redhat.com>
Subject: [Qemu-devel] [PATCH 0/4] ahci: unmap fixes
To: qemu-block@nongnu.org
Cc: peter.maydell@linaro.org, pjp@fedoraproject.org, qemu-devel@nongnu.org, zuozhi.fzz@alibaba-inc.com, pbonzini@redhat.com, John Snow

As reported by Zuozhi fzz, there's a problem you can expose in AHCI by rewriting the command list buffer and/or FIS receive buffer addresses, then re-starting the AHCI device before bringing it to a stop. Depending on the success of the remap operations, you may be able to transition the device to a state where it thinks it is "running" but no longer has a guest memory mapping. When you try to transition it to the stopped state, QEMU crashes.

Tighten up the start/stop conditions, and pepper in a paranoia check inside of the unmap function.
________________________________________________________________________________

For convenience, this branch is available at:
https://github.com/jnsnow/qemu.git branch ahci-unmap-fixes
https://github.com/jnsnow/qemu/tree/ahci-unmap-fixes

This version is tagged ahci-unmap-fixes-v1:
https://github.com/jnsnow/qemu/releases/tag/ahci-unmap-fixes-v1

John Snow (4):
  ahci: Do not unmap NULL addresses
  ahci: handle LIST_ON and FIS_ON in map helpers
  ahci: explicitly reject bad engine states on post_load
  ahci: prohibit "restarting" the FIS or CLB engines

 hw/ide/ahci.c | 96 ++++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 59 insertions(+), 37 deletions(-)

-- 
2.4.3
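As an added illustration, not code from this series or from QEMU's hw/ide/ahci.c, here is a constructed C model of the four rules the cover letter describes: a NULL mapping is never unmapped, an engine's buffer address cannot be rewritten while that engine is running, a running engine without a mapping is rejected on post_load, and a second start without an intervening stop is refused. The struct, function names and bit values are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified model of one AHCI port's two engines (not code from
 * QEMU's hw/ide/ahci.c; the bit values are an assumption). An engine is
 * "running" when its ON bit is set and must then always hold a mapping. */
#define PORT_CMD_FIS_ON  (1u << 14)
#define PORT_CMD_LIST_ON (1u << 15)

typedef struct {
    uint32_t cmd;        /* engine status bits */
    uint64_t lst_addr;   /* guest-physical command list (CLB) address */
    uint64_t fis_addr;   /* guest-physical FIS receive buffer address */
    void *lst;           /* host mapping of the CLB, NULL when unmapped */
    void *fis;           /* host mapping of the FIS buffer, NULL when unmapped */
} ahci_port_model;
/* Stand-in for guest memory mapping: address 0 fails, anything else maps. */
static void *model_map(uint64_t gpa) { return gpa ? (void *)(uintptr_t)gpa : NULL; }
/* Patch 1: a NULL mapping is nothing to unmap, not something to crash on. */
static void model_unmap(void **p) { if (*p) { *p = NULL; } }
/* Patch 2: refuse to change an engine's buffer address while it is running,
 * so a failed remap can never leave a "running" engine without a mapping. */
int model_set_addr(ahci_port_model *s, bool list, uint64_t gpa) {
    if (s->cmd & (list ? PORT_CMD_LIST_ON : PORT_CMD_FIS_ON)) return -1;
    if (list) s->lst_addr = gpa; else s->fis_addr = gpa;
    return 0;
}
/* Patch 4: a start while already on (a "restart" with no stop in between) is
 * rejected, and a failed map never reports the engine as running. */
int model_start(ahci_port_model *s, bool list) {
    uint32_t on = list ? PORT_CMD_LIST_ON : PORT_CMD_FIS_ON;
    void **slot = list ? &s->lst : &s->fis;
    if (s->cmd & on) return -1;
    *slot = model_map(list ? s->lst_addr : s->fis_addr);
    if (!*slot) return -1;
    s->cmd |= on;
    return 0;
}
/* Stop: clear the ON bit and release the mapping; safe even if already NULL. */
void model_stop(ahci_port_model *s, bool list) {
    model_unmap(list ? &s->lst : &s->fis);
    s->cmd &= ~(list ? PORT_CMD_LIST_ON : PORT_CMD_FIS_ON);
}
/* Patch 3: on post_load, a running engine without a mapping is invalid. */
bool model_state_valid(const ahci_port_model *s) {
    return !((s->cmd & PORT_CMD_LIST_ON) && !s->lst) &&
           !((s->cmd & PORT_CMD_FIS_ON) && !s->fis);
}
```

Walking the model through the sequence in the cover letter (rewrite the address, then start again without a stop) shows each step rejected while the engine stays consistent, and a stop on an already-unmapped engine is a no-op rather than a crash.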