+-- On Thu, 28 Jan 2016, Peter Maydell wrote --+
| ahci code should never be passing it to address_space_unmap()
| (or indeed doing anything with it at all).

Okay.

| Instead it needs to handle it as an error case. But it looks like
| ahci_cond_start_engines() already does that:
|
|     if (ahci_map_fis_address(ad)) {
|         pr->cmd |= PORT_CMD_FIS_ON;
|     } else {
|         error_report("AHCI: Failed to start FIS receive engine: "
|                      "bad FIS receive buffer address");
|         return -1;
|     }

Sorry, I think I mixed 'map_fis' & '*map_clb*'. It fails a little earlier and throws

    error_report("AHCI: Failed to start DMA engine: "
                 "bad command list buffer address");

| I suspect that the correct fix to this is that
| ahci_unmap_fis_address() should only call dma_memory_unmap()
| if ad->res_fis is not NULL. (Other calls to dma_memory_unmap()
| in this file also need checking to see if they should have
| similar guards.)

Okay, I'll send a revised patch.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
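
The guard suggested in the quoted text, modelled as an added example that is not QEMU's code and not the revised patch from this thread. `Port`, `dma_map`, `dma_unmap`, `port_unmap_fis` and `teardown_calls_for` are hypothetical stand-ins; the abort on NULL and the clearing of the pointer after unmap are assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the per-port state; not QEMU's definition. */
typedef struct {
    void *res_fis;     /* mapped FIS receive buffer, NULL if mapping failed */
    int unmap_calls;   /* how often the DMA layer was reached (demo only) */
} Port;

/* Stand-in map: fails (returns NULL) for a bad guest address, here 0. */
static void *dma_map(unsigned long guest_addr)
{
    return guest_addr ? malloc(256) : NULL;
}

/* Stand-in unmap: assumed to treat a NULL buffer as a fatal caller bug. */
static void dma_unmap(Port *p, void *buf)
{
    if (buf == NULL) abort();
    p->unmap_calls++;
    free(buf);
}

/* Guarded teardown: skip the DMA layer when nothing is mapped, and clear
 * the pointer afterwards so a repeated teardown cannot unmap twice. */
static void port_unmap_fis(Port *p)
{
    if (p->res_fis == NULL) {
        return;
    }
    dma_unmap(p, p->res_fis);
    p->res_fis = NULL;
}

/* Map once, tear down twice; returns how often the DMA layer was reached. */
int teardown_calls_for(unsigned long guest_addr)
{
    Port p = { NULL, 0 };
    p.res_fis = dma_map(guest_addr);
    port_unmap_fis(&p);
    port_unmap_fis(&p);   /* second teardown must be a no-op */
    return p.unmap_calls;
}

int main(void)
{
    printf("bad=%d good=%d\n", teardown_calls_for(0), teardown_calls_for(0x1000));
    return 0;
}
```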