Hi

On Wed, Sep 12, 2018 at 9:22 AM Li Qiang <liq...@gmail.com> wrote:
>
> The write/read should be paired, this can avoid the
> NULL-deref while the guest reads the fw_cfg port.
>
> Signed-off-by: Li Qiang <liq...@gmail.com>

Do you have a reproducer and/or a backtrace? memory_region_dispatch_write() checks if ops->write != NULL. > --- > hw/nvram/fw_cfg.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c > index d79a568f54..6de7809f1a 100644 > --- a/hw/nvram/fw_cfg.c > +++ b/hw/nvram/fw_cfg.c > @@ -434,6 +434,11 @@ static bool fw_cfg_data_mem_valid(void *opaque, hwaddr > addr, > return addr == 0; > } > > +static uint64_t fw_cfg_ctl_mem_read(void *opaque, hwaddr addr, unsigned size) > +{ > + return 0; > +} > + > static void fw_cfg_ctl_mem_write(void *opaque, hwaddr addr, > uint64_t value, unsigned size) > { > @@ -468,6 +473,7 @@ static bool fw_cfg_comb_valid(void *opaque, hwaddr addr, > } > > static const MemoryRegionOps fw_cfg_ctl_mem_ops = { > + .read = fw_cfg_ctl_mem_read, > .write = fw_cfg_ctl_mem_write, > .endianness = DEVICE_BIG_ENDIAN, > .valid.accepts = fw_cfg_ctl_mem_valid, > -- > 2.11.0 > > -- Marc-André Lureau
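
Review bot: fw_cfg_ctl_mem_read() in the first hunk (hw/nvram/fw_cfg.c, @@ -434) returns 0 unconditionally and carries no comment saying why. The ops table had only a .write handler before this patch, so a one-line comment above the function stating that the control register has no readable state, and that the stub exists only to keep .read non-NULL, would record the intent. The commit message should also name the guest access (port, size) that reaches the NULL handler, since the stub is justified only by that path.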
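
Review bot: in the second hunk, fw_cfg_ctl_mem_ops gains .read while .valid.accepts = fw_cfg_ctl_mem_valid stays in place, and nothing in the patch explains how a guest read gets past that callback. The body of fw_cfg_ctl_mem_valid is not visible in these hunks; if it already rejects reads, the new handler is unreachable through this table and the fix belongs wherever the read is actually dispatched. Please state in the commit message which region and access path dereference the NULL .read, ideally with the backtrace.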