From patchwork Mon Aug 4 13:53:19 2014
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 34845
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Mon, 4 Aug 2014 14:53:19 +0100
Message-Id: <1407160408-4467-4-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1407160408-4467-1-git-send-email-peter.maydell@linaro.org>
References: <1407160408-4467-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 03/12] sd: sdhci: Fix ADMA dma_memory_read access

From: Peter Crosthwaite

This dma_memory_read was giving too big a size when begin was non-zero. This could cause segfaults in some circumstances. Fix.

Signed-off-by: Peter Crosthwaite
Signed-off-by: Peter Maydell
--- hw/sd/sdhci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index b5a9eee..f9fe700 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c
@@ -702,7 +702,8 @@ static void sdhci_do_adma(SDHCIState *s) length -= block_size - begin; } dma_memory_read(&address_space_memory, dscr.addr, - &s->fifo_buffer[begin], s->data_count); + &s->fifo_buffer[begin], + s->data_count - begin); dscr.addr += s->data_count - begin; if (s->data_count == block_size) { for (n = 0; n < block_size; n++) {
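Review bot: The new length argument `s->data_count - begin` in the dma_memory_read call has no visible guard that begin is at most s->data_count, and the destination `&s->fifo_buffer[begin]` has no visible check against the size of fifo_buffer. The hunk shows neither the types nor where these values are set, so if they are unsigned and a descriptor can leave begin larger than s->data_count, the subtraction wraps and the read is oversized again. An assertion or explicit bounds check just before the call would make the invariant this fix relies on visible in the code. The same expression is repeated on the following line, `dscr.addr += s->data_count - begin;`; computing it once into a local and using it for both the copy length and the address advance would keep the two from drifting apart, which is the mismatch this patch corrects. The commit message could also state that the old call copied s->data_count bytes starting at offset begin, so it wrote begin bytes past the intended end of the data, which is more precise than "segfaults in some circumstances".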