summaryrefslogtreecommitdiff
path: root/hw/net/dp8393x.c
diff options
context:
space:
mode:
authorHervé Poussineau <hpoussin@reactos.org>2015-07-26 22:32:55 +0200
committerLeon Alrae <leon.alrae@imgtec.com>2015-07-28 09:30:10 +0100
commit52579c681cb12bf64de793e85edc50d990f4d42f (patch)
tree9c04ecab6f1b38a90762a6cdce40419839cd87a2 /hw/net/dp8393x.c
parent30dfa9a46cd845db3f43f5c11b129f4a50941b02 (diff)
downloadqemu-52579c681cb12bf64de793e85edc50d990f4d42f.zip
net/dp8393x: do not use memory_region_init_rom_device with NULL
Replace memory_region_init_rom_device() with memory_region_init_ram() and memory_region_set_readonly(). This fixes a guest-triggerable QEMU crash when guest tries to write to PROM. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> [leon.alrae@imgtec.com: shorten subject length] Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Diffstat (limited to 'hw/net/dp8393x.c')
-rw-r--r--hw/net/dp8393x.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 0f45146ebc..ab607e4846 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -831,6 +831,7 @@ static void dp8393x_realize(DeviceState *dev, Error **errp)
dp8393xState *s = DP8393X(dev);
int i, checksum;
uint8_t *prom;
+ Error *local_err = NULL;
address_space_init(&s->as, s->dma_mr, "dp8393x");
memory_region_init_io(&s->mmio, OBJECT(dev), &dp8393x_ops, s,
@@ -843,8 +844,13 @@ static void dp8393x_realize(DeviceState *dev, Error **errp)
s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s);
s->regs[SONIC_SR] = 0x0004; /* only revision recognized by Linux */
- memory_region_init_rom_device(&s->prom, OBJECT(dev), NULL, NULL,
- "dp8393x-prom", SONIC_PROM_SIZE, NULL);
+ memory_region_init_ram(&s->prom, OBJECT(dev),
+ "dp8393x-prom", SONIC_PROM_SIZE, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ memory_region_set_readonly(&s->prom, true);
prom = memory_region_get_ram_ptr(&s->prom);
checksum = 0;
for (i = 0; i < 6; i++) {