From: Hervé Poussineau <hpoussin@reactos.org>
Date: Thu, 12 Nov 2015 21:24:08 +0000 (+0100)
Subject: mac_dbdma: always initialize channel field in DBDMA_channel
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=7f0d763ce60fd0563cb71c85ae0f86ee71b7edcc;p=qemu.git

mac_dbdma: always initialize channel field in DBDMA_channel

dbdma_from_ch() uses channel field to return the right DBDMA object.
Previous code was working if guest OS was only using registered DMA channels.
However, it lead to QEMU crashes if guest OS was using unregistered DMA channels.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 779683cc07..5ee8f022a5 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -557,7 +557,6 @@ void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq,
     DBDMA_DPRINTF("DBDMA_register_channel 0x%x\n", nchan);
 
     ch->irq = irq;
-    ch->channel = nchan;
     ch->rw = rw;
     ch->flush = flush;
     ch->io.opaque = opaque;
@@ -753,6 +752,7 @@ void* DBDMA_init (MemoryRegion **dbdma_mem)
     for (i = 0; i < DBDMA_CHANNELS; i++) {
         DBDMA_io *io = &s->channels[i].io;
         qemu_iovec_init(&io->iov, 1);
+        s->channels[i].channel = i;
     }
 
     memory_region_init_io(&s->mem, NULL, &dbdma_ops, s, "dbdma", 0x1000);