[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 10/17] esp.c: don't assert() if FIFO empty when executing non-DMA
|
From: |
Mark Cave-Ayland |
|
Subject: |
[PULL 10/17] esp.c: don't assert() if FIFO empty when executing non-DMA SELATNS |
|
Date: |
Thu, 4 Apr 2024 15:25:32 +0100 |
The current logic assumes that at least 1 byte is present in the FIFO when
executing a non-DMA SELATNS command, but this may not be the case if the
guest executes an invalid ESP command sequence.
Reported-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240324191707.623175-11-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
---
hw/scsi/esp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 1aac8f5564..f3aa5364cf 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -762,7 +762,8 @@ static void esp_do_nodma(ESPState *s)
case CMD_SELATNS:
/* Copy one byte from FIFO into cmdfifo */
- len = esp_fifo_pop_buf(s, buf, 1);
+ len = esp_fifo_pop_buf(s, buf,
+ MIN(fifo8_num_used(&s->fifo), 1));
len = MIN(fifo8_num_free(&s->cmdfifo), len);
fifo8_push_all(&s->cmdfifo, buf, len);
--
2.39.2
- [PULL 00/17] qemu-sparc queue 20240404, Mark Cave-Ayland, 2024/04/04
- [PULL 01/17] esp.c: move esp_fifo_pop_buf() internals to new esp_fifo8_pop_buf() function, Mark Cave-Ayland, 2024/04/04
- [PULL 02/17] esp.c: replace esp_fifo_pop_buf() with esp_fifo8_pop_buf() in do_command_phase(), Mark Cave-Ayland, 2024/04/04
- [PULL 03/17] esp.c: replace esp_fifo_pop_buf() with esp_fifo8_pop_buf() in do_message_phase(), Mark Cave-Ayland, 2024/04/04
- [PULL 04/17] esp.c: replace cmdfifo use of esp_fifo_pop() in do_message_phase(), Mark Cave-Ayland, 2024/04/04
- [PULL 05/17] esp.c: change esp_fifo_push() to take ESPState, Mark Cave-Ayland, 2024/04/04
- [PULL 06/17] esp.c: change esp_fifo_pop() to take ESPState, Mark Cave-Ayland, 2024/04/04
- [PULL 07/17] esp.c: use esp_fifo_push() instead of fifo8_push(), Mark Cave-Ayland, 2024/04/04
- [PULL 08/17] esp.c: change esp_fifo_pop_buf() to take ESPState, Mark Cave-Ayland, 2024/04/04
- [PULL 09/17] esp.c: introduce esp_fifo_push_buf() function for pushing to the FIFO, Mark Cave-Ayland, 2024/04/04
- [PULL 10/17] esp.c: don't assert() if FIFO empty when executing non-DMA SELATNS,
Mark Cave-Ayland <=
- [PULL 11/17] esp.c: rework esp_cdb_length() into esp_cdb_ready(), Mark Cave-Ayland, 2024/04/04
- [PULL 12/17] esp.c: prevent cmdfifo overflow in esp_cdb_ready(), Mark Cave-Ayland, 2024/04/04
- [PULL 13/17] esp.c: move esp_set_phase() and esp_get_phase() towards the beginning of the file, Mark Cave-Ayland, 2024/04/04
- [PULL 14/17] esp.c: introduce esp_update_drq() and update esp_fifo_{push, pop}_buf() to use it, Mark Cave-Ayland, 2024/04/04
- [PULL 16/17] esp.c: ensure esp_pdma_write() always calls esp_fifo_push(), Mark Cave-Ayland, 2024/04/04
- [PULL 15/17] esp.c: update esp_fifo_{push, pop}() to call esp_update_drq(), Mark Cave-Ayland, 2024/04/04
- [PULL 17/17] esp.c: remove explicit setting of DRQ within ESP state machine, Mark Cave-Ayland, 2024/04/04
- Re: [PULL 00/17] qemu-sparc queue 20240404, Peter Maydell, 2024/04/04