1 From 867dcfc8c153c463090b972c2afc7b90700bab91 Mon Sep 17 00:00:00 2001
2 From: Prasad J Pandit <pjp@fedoraproject.org>
3 Date: Fri, 29 Jan 2016 01:18:50 +0530
4 Subject: [PATCH 2/2] ide: ahci: add check before calling dma_memory_unmap
6 When IDE AHCI emulation uses the Frame Information Structures (FIS)
7 engine for data transfer, the mapped FIS buffer address is stored
8 in a static 'bounce.buffer'. When a request is made to map another
9 memory region, address_space_map() returns NULL because
10 'bounce.buffer' is in_use. This leads to a NULL pointer dereference
11 in 'dma_memory_unmap'. Add a check to avoid it.
13 Reported-by: Zuozhi fzz <zuozhi.fzz@alibaba-inc.com>
14 Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
16 hw/ide/ahci.c | 16 ++++++++++------
17 1 file changed, 10 insertions(+), 6 deletions(-)
19 diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
20 index dd1912e..ea351fe 100644
23 @@ -661,9 +661,11 @@ static bool ahci_map_fis_address(AHCIDevice *ad)
25 static void ahci_unmap_fis_address(AHCIDevice *ad)
27 - dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
28 - DMA_DIRECTION_FROM_DEVICE, 256);
31 + dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
32 + DMA_DIRECTION_FROM_DEVICE, 256);
37 static bool ahci_map_clb_address(AHCIDevice *ad)
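Review bot: The guard added around `dma_memory_unmap()` in ahci_unmap_fis_address (and the matching one in ahci_unmap_clb_address in the next hunk) only covers the unmap path, so any other code that reads or writes through `ad->res_fis` or `ad->lst` after a failed map still needs its own NULL check. Per the commit message the NULL comes from address_space_map() while the bounce buffer is in use, which suggests guest-programmed addresses can influence it. It is therefore worth confirming that callers of ahci_map_fis_address/ahci_map_clb_address act on the bool result and that FIS writers such as ahci_write_fis_sdb return early on a NULL pointer; those bodies are outside this hunk. I would also record the reason next to the guard, e.g. `/* res_fis is NULL when the map failed (bounce buffer busy); nothing to unmap */`. The guard lines themselves are not shown in this view, so the exact condition could not be checked.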
38 @@ -677,9 +679,11 @@ static bool ahci_map_clb_address(AHCIDevice *ad)
40 static void ahci_unmap_clb_address(AHCIDevice *ad)
42 - dma_memory_unmap(ad->hba->as, ad->lst, 1024,
43 - DMA_DIRECTION_FROM_DEVICE, 1024);
46 + dma_memory_unmap(ad->hba->as, ad->lst, 1024,
47 + DMA_DIRECTION_FROM_DEVICE, 1024);
52 static void ahci_write_fis_sdb(AHCIState *s, NCQTransferState *ncq_tfs)
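Review bot: The length `1024` is written twice in the re-indented `dma_memory_unmap()` call (as is `256` in ahci_unmap_fis_address in the previous hunk), and it has to match the length used when the region was mapped, which is outside this hunk. A named constant shared by the map and unmap sides would keep the two from drifting apart, for example `dma_memory_unmap(ad->hba->as, ad->lst, CLB_MAP_LEN, DMA_DIRECTION_FROM_DEVICE, CLB_MAP_LEN);`, where `CLB_MAP_LEN` is a suggested name and not an existing macro. If the two lengths ever diverged, the unmap could mark or copy back the wrong number of bytes of guest memory.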