From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54232)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ppandit@redhat.com>) id 1aOrp8-0001c1-21
	for qemu-devel@nongnu.org; Thu, 28 Jan 2016 14:01:42 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ppandit@redhat.com>) id 1aOrp4-00080u-1H
	for qemu-devel@nongnu.org; Thu, 28 Jan 2016 14:01:42 -0500
Received: from mx1.redhat.com ([209.132.183.28]:37513)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ppandit@redhat.com>) id 1aOrp3-00080k-Ro
	for qemu-devel@nongnu.org; Thu, 28 Jan 2016 14:01:37 -0500
Date: Fri, 29 Jan 2016 00:31:30 +0530 (IST)
From: P J P <ppandit@redhat.com>
In-Reply-To: <CAFEAcA_pdLWVeQx1csP3Rm3fYr3wK-xDhEi9JpjSSpbOs+xw7A@mail.gmail.com>
Message-ID: <alpine.LFD.2.20.1601290025360.27261@wniryva>
References: <1453994125-23586-1-git-send-email-ppandit@redhat.com>
	<CAFEAcA8uhn86Tq1rBYbs9wHVbObKuuhf5s4QoFmKa+pjD6JJEw@mail.gmail.com>
	<alpine.LFD.2.20.1601282307160.26336@wniryva>
	<CAFEAcA_pdLWVeQx1csP3Rm3fYr3wK-xDhEi9JpjSSpbOs+xw7A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Subject: Re: [Qemu-devel] [PATCH] exec: check 'bounce.in_use' flag before
 using buffer
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>, John Snow <jsnow@redhat.com>, QEMU Developers <qemu-devel@nongnu.org>, Zuozhi fzz <zuozhi.fzz@alibaba-inc.com>

+-- On Thu, 28 Jan 2016, Peter Maydell wrote --+
| ahci code should never be passing it to address_space_unmap()
| (or indeed doing anything with it at all).

  Okay.
 
| Instead it needs to handle it as an error case. But it looks like
| ahci_cond_start_engines() already does that:
| 
|         if (ahci_map_fis_address(ad)) {
|             pr->cmd |= PORT_CMD_FIS_ON;
|         } else {
|             error_report("AHCI: Failed to start FIS receive engine: "
|                          "bad FIS receive buffer address");
|             return -1;
|         }

  Sorry, I think I mixed 'map_fis' & '*map_clb*'. It fails little earlier and 
throws
       error_report("AHCI: Failed to start DMA engine: "                   
                         "bad command list buffer address");
 
| I suspect that the correct fix to this is that
| ahci_unmap_fis_address() should only call dma_memory_unmap()
| if ad->res_fis is not NULL. (Other calls to dma_memory_unmap()
| in this file also need checking to see if they should have
| similar guards.)

  Okay, I'll send a revised patch.


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F