From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NJqj8-0001kQ-S1
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 10:51:18 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NJqj3-0001hW-L1
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 10:51:17 -0500
Received: from [199.232.76.173] (port=46521 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NJqj3-0001hS-FZ
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 10:51:13 -0500
Received: from mail-yw0-f171.google.com ([209.85.211.171]:41651)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <blauwirbel@gmail.com>) id 1NJqj3-0006av-0H
	for qemu-devel@nongnu.org; Sun, 13 Dec 2009 10:51:13 -0500
Received: by ywh1 with SMTP id 1so2169284ywh.18
	for <qemu-devel@nongnu.org>; Sun, 13 Dec 2009 07:51:12 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <20091213122358.10712.96713.stgit@skyserv>
References: <20091213122358.10712.96713.stgit@skyserv>
From: Blue Swirl <blauwirbel@gmail.com>
Date: Sun, 13 Dec 2009 15:50:52 +0000
Message-ID: <f43fc5580912130750r769da6c1r8bccc1948d28d00b@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH] workaround for cmd646 bmdma register access
	while no dma is active
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Igor V. Kovalenko" <igor.v.kovalenko@gmail.com>
Cc: qemu-devel@nongnu.org

On Sun, Dec 13, 2009 at 12:23 PM, Igor V. Kovalenko
<igor.v.kovalenko@gmail.com> wrote:
> From: Igor V. Kovalenko <igor.v.kovalenko@gmail.com>
>
> This is a workaround only, and is a partial revert
> of a few changes to BMDMAState which removed pci_dev
> field on the way.
>
> - cmd646 pci_from_bm() expects bm->unit value to
> correspond with bm data being passed to callback
> as opaque pointer. This breaks when write to dma
> control register of second channel happens when no
> dma operation is in progress, so bm->unit is zero
> for second channel, and pci_from_bm() returns garbage
> pointer. Crash happens shortly after that while
> dereferencing that pointer.

> =C2=A0static PCIIDEState *pci_from_bm(BMDMAState *bm)
> =C2=A0{
> + =C2=A0 =C2=A0return bm->pci_dev;
> =C2=A0 =C2=A0 if (bm->unit =3D=3D 0) {
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 return container_of(bm, PCIIDEState, bmdma[0]=
);
> =C2=A0 =C2=A0 } else {

I think you should delete the rest of the function, unused code is
useless and if someone decides to fix and restore the old code, they
can fetch it from git.