On Sun, Dec 13, 2009 at 12:23 PM, Igor V. Kovalenko <igor.v.kovale...@gmail.com> wrote:
> From: Igor V. Kovalenko <igor.v.kovale...@gmail.com>
>
> This is a workaround only, and is a partial revert
> of a few changes to BMDMAState which removed pci_dev
> field on the way.
>
> - cmd646 pci_from_bm() expects bm->unit value to
> correspond with bm data being passed to callback
> as opaque pointer. This breaks when write to dma
> control register of second channel happens when no
> dma operation is in progress, so bm->unit is zero
> for second channel, and pci_from_bm() returns garbage
> pointer. Crash happens shortly after that while
> dereferencing that pointer.
> static PCIIDEState *pci_from_bm(BMDMAState *bm) > { > + return bm->pci_dev; > if (bm->unit == 0) { > return container_of(bm, PCIIDEState, bmdma[0]); > } else { I think you should delete the rest of the function, unused code is useless and if someone decides to fix and restore the old code, they can fetch it from git.
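Review bot: the unconditional `return bm->pci_dev;` at the top of pci_from_bm() makes the `if (bm->unit == 0)` / container_of() branches below it unreachable, so either drop that remaining body or keep only the field-based return; leaving both invites a later reader to assume the unit-based lookup still runs. The hunk also makes the function's correctness depend entirely on `bm->pci_dev` being populated for both bmdma[0] and bmdma[1], which is not visible here: the commit message says the field was restored by a partial revert, so the assignment for the second channel's BMDMAState should be confirmed (or shown in the same patch), because a NULL `pci_dev` would crash on exactly the same path the change is meant to fix.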