diff options
author | Hervé Poussineau <hpoussin@reactos.org> | 2015-07-26 22:32:55 +0200 |
---|---|---|
committer | Leon Alrae <leon.alrae@imgtec.com> | 2015-07-28 09:30:10 +0100 |
commit | 52579c681cb12bf64de793e85edc50d990f4d42f (patch) | |
tree | 9c04ecab6f1b38a90762a6cdce40419839cd87a2 /hw/net/dp8393x.c | |
parent | 30dfa9a46cd845db3f43f5c11b129f4a50941b02 (diff) | |
download | qemu-52579c681cb12bf64de793e85edc50d990f4d42f.zip |
net/dp8393x: do not use memory_region_init_rom_device with NULL
Replace memory_region_init_rom_device() with memory_region_init_ram() and
memory_region_set_readonly().
This fixes a guest-triggerable QEMU crash when guest tries to write to PROM.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[leon.alrae@imgtec.com: shorten subject length]
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Diffstat (limited to 'hw/net/dp8393x.c')
-rw-r--r-- | hw/net/dp8393x.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c index 0f45146ebc..ab607e4846 100644 --- a/hw/net/dp8393x.c +++ b/hw/net/dp8393x.c @@ -831,6 +831,7 @@ static void dp8393x_realize(DeviceState *dev, Error **errp) dp8393xState *s = DP8393X(dev); int i, checksum; uint8_t *prom; + Error *local_err = NULL; address_space_init(&s->as, s->dma_mr, "dp8393x"); memory_region_init_io(&s->mmio, OBJECT(dev), &dp8393x_ops, s, @@ -843,8 +844,13 @@ static void dp8393x_realize(DeviceState *dev, Error **errp) s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s); s->regs[SONIC_SR] = 0x0004; /* only revision recognized by Linux */ - memory_region_init_rom_device(&s->prom, OBJECT(dev), NULL, NULL, - "dp8393x-prom", SONIC_PROM_SIZE, NULL); + memory_region_init_ram(&s->prom, OBJECT(dev), + "dp8393x-prom", SONIC_PROM_SIZE, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + memory_region_set_readonly(&s->prom, true); prom = memory_region_get_ram_ptr(&s->prom); checksum = 0; for (i = 0; i < 6; i++) { |