PJP, ping? Look good?

On 01/29/2016 04:41 PM, John Snow wrote:
> As reported by Zuozhi fzz <zuozhi....@alibaba-inc.com>, there's a problem
> you can expose in AHCI by rewriting the command list buffer and/or FIS
> receive buffer addresses, then re-starting the AHCI device before bringing
> it to a stop. Depending on the success of the remap operations, you may
> be able to transition the device to a state where it thinks it is "running"
> but no longer has a guest memory mapping.
> 
> When you try to transition it to the stopped state, QEMU crashes.
> 
> Tighten up the start/stop conditions, and pepper in a paranoia check inside
> of the unmap function.
> 
> ________________________________________________________________________________
> 
> For convenience, this branch is available at:
> https://github.com/jnsnow/qemu.git branch ahci-unmap-fixes
> https://github.com/jnsnow/qemu/tree/ahci-unmap-fixes
> 
> This version is tagged ahci-unmap-fixes-v1:
> https://github.com/jnsnow/qemu/releases/tag/ahci-unmap-fixes-v1
> 
> John Snow (4):
>   ahci: Do not unmap NULL addresses
>   ahci: handle LIST_ON and FIS_ON in map helpers
>   ahci: explicitly reject bad engine states on post_load
>   ahci: prohibit "restarting" the FIS or CLB engines
> 
>  hw/ide/ahci.c | 96 ++++++++++++++++++++++++++++++++++++-----------------------
>  1 file changed, 59 insertions(+), 37 deletions(-)
> 

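The state mismatch the cover letter describes (an engine flagged as running while its guest mapping is gone, then a crash on stop) can be modelled in a few lines. This is an added illustration, not QEMU's code: the `ahci_port` struct, the flat `guest_mem` stand-in for guest RAM, and all function names are assumptions.

```c
/* Constructed model of one AHCI port's command-list (CLB) engine.
 * Not QEMU code: names, sizes and the flat guest-memory stand-in are assumed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GUEST_MEM_SIZE 4096
#define CLB_SIZE       1024
static uint8_t guest_mem[GUEST_MEM_SIZE];   /* "guest address" = offset here */

typedef struct {
    uint64_t clb_addr;   /* guest-visible CLB address (guest may rewrite it) */
    uint8_t *clb;        /* host mapping, NULL when not mapped */
    bool     list_on;    /* engine state the guest sees as "running" */
} ahci_port;

static uint8_t *map_clb(uint64_t addr)
{
    return (addr + CLB_SIZE <= GUEST_MEM_SIZE) ? guest_mem + addr : NULL;
}

/* Pre-fix behaviour, modelled: a failed remap still marks the engine running,
 * so the port "runs" with no mapping. */
bool port_start_list_unchecked(ahci_port *p)
{
    p->clb = map_clb(p->clb_addr);
    p->list_on = true;
    return p->clb != NULL;
}

/* Hardened start: refuse to "restart" a running engine, and never set
 * list_on unless the mapping succeeded. */
bool port_start_list(ahci_port *p)
{
    if (p->list_on) return false;
    uint8_t *m = map_clb(p->clb_addr);
    if (m == NULL) return false;
    p->clb = m;
    p->list_on = true;
    return true;
}

/* Stop: unmapping a NULL mapping is a harmless no-op (the "paranoia check"). */
void port_stop_list(ahci_port *p)
{
    if (p->clb != NULL) { memset(p->clb, 0, CLB_SIZE); p->clb = NULL; }
    p->list_on = false;
}

/* Invariant the fix restores: running if and only if mapped. */
bool port_state_consistent(const ahci_port *p)
{
    return p->list_on == (p->clb != NULL);
}
```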