On Tue, Mar 10, 2015 at 05:29:02PM -0400, John Snow wrote: > Currently, the AHCI device tries to re-map guest memory every time > the low or high address registers are written to, whether or not the > AHCI device is currently active. If the other register has stale > information in it, this may lead to runtime failures. > > Reconfigure the AHCI device to ignore writes to these registers while > the device is active, and otherwise postpone the dma memory map until > the device becomes active. > > John Snow (2): > AHCI: Do not (re)map FB/CLB buffers while not running > AHCI: Protect cmd register > > hw/ide/ahci.c | 61 > ++++++++++++++++++++++++++++++++++++++++++++--------------- > hw/ide/ahci.h | 2 ++ > 2 files changed, 48 insertions(+), 15 deletions(-)
hw/ide/ahci.c: In function ‘ahci_state_post_load’:
hw/ide/ahci.c:1396:23: error: unused variable ‘pr’ [-Werror=unused-variable]
AHCIPortRegs *pr = &ad->port_regs;
What happens if a malicious/buggy guest provides a bogus address? It
looks like the code still sets the "on" bit in the cmd register because
it doesn't check whether the mapped pointer is non-NULL.
pgp2NKeBxBtL5.pgp
Description: PGP signature
