[Qemu-block] [PATCH 0/4] ahci: unmap fixes

[John Snow]

As reported by Zuozhi fzz <address@hidden>, there's a problem
you can expose in AHCI by rewriting the command list buffer and/or FIS
receive buffer addresses, then re-starting the AHCI device before bringing
it to a stop. Depending on the success of the remap operations, you may
be able to transition the device to a state where it thinks it is "running"
but no longer has a guest memory mapping.

When you try to transition it to the stopped state, QEMU crashes.

Tighten up the start/stop conditions, and pepper in a paranoia check inside
of the unmap function.

________________________________________________________________________________

For convenience, this branch is available at:
https://github.com/jnsnow/qemu.git branch ahci-unmap-fixes
https://github.com/jnsnow/qemu/tree/ahci-unmap-fixes

This version is tagged ahci-unmap-fixes-v1:
https://github.com/jnsnow/qemu/releases/tag/ahci-unmap-fixes-v1

John Snow (4):
  ahci: Do not unmap NULL addresses
  ahci: handle LIST_ON and FIS_ON in map helpers
  ahci: explicitly reject bad engine states on post_load
  ahci: prohibit "restarting" the FIS or CLB engines

 hw/ide/ahci.c | 96 ++++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 59 insertions(+), 37 deletions(-)

-- 
2.4.3