> On Monday, 8 February 2016 10:23 PM, John Snow <[email protected]> wrote:
>> PJP, ping? Look good?
Oops, sorry!
> On 01/29/2016 04:41 PM, John Snow wrote:
>> As reported by Zuozhi fzz <[email protected]>, there's a problem
>> you can expose in AHCI by rewriting the command list buffer and/or FIS
>> receive buffer addresses, then re-starting the AHCI device before bringing
>> it to a stop. Depending on the success of the remap operations, you may
>> be able to transition the device to a state where it thinks it is
>> "running" but no longer has a guest memory mapping.
>>
>> When you try to transition it to the stopped state, QEMU crashes.
>>
>> Tighten up the start/stop conditions, and pepper in a paranoia check inside
>> of the unmap function.
>>
>> John Snow (4):
>> ahci: Do not unmap NULL addresses
>> ahci: handle LIST_ON and FIS_ON in map helpers
>> ahci: explicitly reject bad engine states on post_load
>> ahci: prohibit "restarting" the FIS or CLB engines
Yes, they look good.
Thank you.
---
-P J P
http://feedmug.com