[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v4 for-6.0 09/12] esp: don't overflow cmdfifo if TC is larger tha
From: |
Mark Cave-Ayland |
Subject: |
[PATCH v4 for-6.0 09/12] esp: don't overflow cmdfifo if TC is larger than the cmdfifo size |
Date: |
Wed, 7 Apr 2021 20:57:58 +0100 |
If a guest transfers the message out/command phase data using DMA with a TC
that is larger than the cmdfifo size then the cmdfifo overflows triggering
an assert. Limit the size of the transfer to the free space available in
cmdfifo.
Buglink: https://bugs.launchpad.net/qemu/+bug/1919036
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
---
hw/scsi/esp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 53cc569e8a..782c6ee357 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -578,6 +578,7 @@ static void esp_do_dma(ESPState *s)
cmdlen = fifo8_num_used(&s->cmdfifo);
trace_esp_do_dma(cmdlen, len);
if (s->dma_memory_read) {
+ len = MIN(len, fifo8_num_free(&s->cmdfifo));
s->dma_memory_read(s->dma_opaque, buf, len);
fifo8_push_all(&s->cmdfifo, buf, len);
} else {
--
2.20.1
- [PATCH v4 for-6.0 02/12] esp: rework write_response() to avoid using the FIFO for DMA transactions, (continued)
- [PATCH v4 for-6.0 02/12] esp: rework write_response() to avoid using the FIFO for DMA transactions, Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 03/12] esp: consolidate esp_cmdfifo_push() into esp_fifo_push(), Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 04/12] esp: consolidate esp_cmdfifo_pop() into esp_fifo_pop(), Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 05/12] esp: introduce esp_fifo_pop_buf() and use it instead of fifo8_pop_buf(), Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 06/12] esp: ensure cmdfifo is not empty and current_dev is non-NULL, Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 07/12] esp: don't underflow cmdfifo in do_cmd(), Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 08/12] esp: don't overflow cmdfifo in get_cmd(), Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 09/12] esp: don't overflow cmdfifo if TC is larger than the cmdfifo size,
Mark Cave-Ayland <=
- [PATCH v4 for-6.0 10/12] esp: don't reset async_len directly in esp_select() if cancelling request, Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 11/12] esp: ensure that do_cmd is set to zero before submitting an ESP select command, Mark Cave-Ayland, 2021/04/07
- [PATCH v4 for-6.0 12/12] tests/qtest: add tests for am53c974 device, Mark Cave-Ayland, 2021/04/07
- Re: [PATCH v4 for-6.0 00/12] esp: fix asserts/segfaults discovered by fuzzer, Mark Cave-Ayland, 2021/04/09