From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NJske-0005jW-Qv
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 13:01:00 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NJska-0005hG-5V
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 13:01:00 -0500
Received: from [199.232.76.173] (port=48404 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NJskZ-0005h3-VF
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 13:00:56 -0500
Received: from mail-bw0-f212.google.com ([209.85.218.212]:48630)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <igor.v.kovalenko@gmail.com>) id 1NJskZ-0002eo-HE
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 13:00:55 -0500
Received: by bwz4 with SMTP id 4so1576565bwz.2
	for <qemu-devel@nongnu.org>; Sun, 13 Dec 2009 10:00:54 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <f43fc5580912130750r769da6c1r8bccc1948d28d00b@mail.gmail.com>
References: <20091213122358.10712.96713.stgit@skyserv>
	<f43fc5580912130750r769da6c1r8bccc1948d28d00b@mail.gmail.com>
Date: Sun, 13 Dec 2009 21:00:54 +0300
Message-ID: <b2fa41d60912131000k28547ebayfc33378629d8b1f6@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH] workaround for cmd646 bmdma register access
	while no dma is active
From: Igor Kovalenko <igor.v.kovalenko@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: qemu-devel@nongnu.org

On Sun, Dec 13, 2009 at 6:50 PM, Blue Swirl <blauwirbel@gmail.com> wrote:
> On Sun, Dec 13, 2009 at 12:23 PM, Igor V. Kovalenko
> <igor.v.kovalenko@gmail.com> wrote:
>> From: Igor V. Kovalenko <igor.v.kovalenko@gmail.com>
>>
>> This is a workaround only, and is a partial revert
>> of a few changes to BMDMAState which removed pci_dev
>> field on the way.
>>
>> - cmd646 pci_from_bm() expects bm->unit value to
>> correspond with bm data being passed to callback
>> as opaque pointer. This breaks when write to dma
>> control register of second channel happens when no
>> dma operation is in progress, so bm->unit is zero
>> for second channel, and pci_from_bm() returns garbage
>> pointer. Crash happens shortly after that while
>> dereferencing that pointer.
>
>> =A0static PCIIDEState *pci_from_bm(BMDMAState *bm)
>> =A0{
>> + =A0 =A0return bm->pci_dev;
>> =A0 =A0 if (bm->unit =3D=3D 0) {
>> =A0 =A0 =A0 =A0 return container_of(bm, PCIIDEState, bmdma[0]);
>> =A0 =A0 } else {
>
> I think you should delete the rest of the function, unused code is
> useless and if someone decides to fix and restore the old code, they
> can fetch it from git.

Thanks, resent with this change.

--=20
Kind regards,
Igor V. Kovalenko