From 52579c681cb12bf64de793e85edc50d990f4d42f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Herv=C3=A9=20Poussineau?= Date: Sun, 26 Jul 2015 22:32:55 +0200 Subject: [PATCH] net/dp8393x: do not use memory_region_init_rom_device with NULL MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Replace memory_region_init_rom_device() with memory_region_init_ram() and memory_region_set_readonly(). This fixes a guest-triggerable QEMU crash when guest tries to write to PROM. Signed-off-by: Hervé Poussineau [leon.alrae@imgtec.com: shorten subject length] Signed-off-by: Leon Alrae --- hw/net/dp8393x.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c index 0f45146ebc..ab607e4846 100644 --- a/hw/net/dp8393x.c +++ b/hw/net/dp8393x.c @@ -831,6 +831,7 @@ static void dp8393x_realize(DeviceState *dev, Error **errp) dp8393xState *s = DP8393X(dev); int i, checksum; uint8_t *prom; + Error *local_err = NULL; address_space_init(&s->as, s->dma_mr, "dp8393x"); memory_region_init_io(&s->mmio, OBJECT(dev), &dp8393x_ops, s, @@ -843,8 +844,13 @@ static void dp8393x_realize(DeviceState *dev, Error **errp) s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s); s->regs[SONIC_SR] = 0x0004; /* only revision recognized by Linux */ - memory_region_init_rom_device(&s->prom, OBJECT(dev), NULL, NULL, - "dp8393x-prom", SONIC_PROM_SIZE, NULL); + memory_region_init_ram(&s->prom, OBJECT(dev), + "dp8393x-prom", SONIC_PROM_SIZE, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + memory_region_set_readonly(&s->prom, true); prom = memory_region_get_ram_ptr(&s->prom); checksum = 0; for (i = 0; i < 6; i++) { -- 2.11.4.GIT