[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 29/57] hw: megasas: consider 'iov_count=0' is an error in megasas_
From: |
Paolo Bonzini |
Subject: |
[PULL 29/57] hw: megasas: consider 'iov_count=0' is an error in megasas_map_sgl |
Date: |
Sat, 19 Sep 2020 11:58:48 -0400 |
From: Li Qiang <liq3ea@163.com>
Currently in 'megasas_map_sgl' when 'iov_count=0' will just return
success however the 'cmd' doens't contain any iov. This will cause
the assert in 'scsi_dma_complete' failed. This is because in
'dma_blk_cb' the 'dbs->sg_cur_index == dbs->sg->nsg' will be true
and just call 'dma_complete'. However now there is no aiocb returned.
This fixes the LP#1878263:
-->https://bugs.launchpad.net/qemu/+bug/1878263
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200815141940.44025-3-liq3ea@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/megasas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 4cc709d2c6..e24c12d7ee 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -277,7 +277,7 @@ static int megasas_map_sgl(MegasasState *s, MegasasCmd
*cmd, union mfi_sgl *sgl)
cmd->flags = le16_to_cpu(cmd->frame->header.flags);
iov_count = cmd->frame->header.sge_count;
- if (iov_count > MEGASAS_MAX_SGE) {
+ if (!iov_count || iov_count > MEGASAS_MAX_SGE) {
trace_megasas_iovec_sgl_overflow(cmd->index, iov_count,
MEGASAS_MAX_SGE);
return -1;
--
2.26.2
- [PULL 11/57] memory: Convert IOMMUMemoryRegionClass doc comment to kernel-doc, (continued)
- [PULL 11/57] memory: Convert IOMMUMemoryRegionClass doc comment to kernel-doc, Paolo Bonzini, 2020/09/19
- [PULL 17/57] numa: remove fixup numa_state->num_nodes to MAX_NODES, Paolo Bonzini, 2020/09/19
- [PULL 23/57] hw/char/serial: Remove old DEBUG_SERIAL commented code, Paolo Bonzini, 2020/09/19
- [PULL 24/57] hw/char/serial: Rename I/O read/write trace events, Paolo Bonzini, 2020/09/19
- [PULL 28/57] hw: megasas: return -1 when 'megasas_map_sgl' fails, Paolo Bonzini, 2020/09/19
- [PULL 19/57] hw/char/serial: Remove TYPE_SERIAL_IO, Paolo Bonzini, 2020/09/19
- [PULL 14/57] acpi: i386: Move VMBus DSDT entry to SB, Paolo Bonzini, 2020/09/19
- [PULL 13/57] Simplify the .gitignore file, Paolo Bonzini, 2020/09/19
- [PULL 15/57] numa: drop support for '-numa node' (without memory specified), Paolo Bonzini, 2020/09/19
- [PULL 26/57] hw/char/serial-{isa, pci}: Alias QDEV properties from generic serial object, Paolo Bonzini, 2020/09/19
- [PULL 29/57] hw: megasas: consider 'iov_count=0' is an error in megasas_map_sgl,
Paolo Bonzini <=
- [PULL 31/57] meson: move libudev test, Paolo Bonzini, 2020/09/19
- [PULL 45/57] oslib-posix: relocate path to /var, Paolo Bonzini, 2020/09/19
- [PULL 21/57] hw/char/serial: Assert serial_ioport_read/write offset fits 8 bytes, Paolo Bonzini, 2020/09/19
- [PULL 32/57] meson: move libmpathpersist test, Paolo Bonzini, 2020/09/19
- [PULL 47/57] net: relocate paths to helpers and scripts, Paolo Bonzini, 2020/09/19
- [PULL 35/57] configure: fix --meson=/path/to/meson, Paolo Bonzini, 2020/09/19
- [PULL 52/57] ui: relocate paths to icons and translations, Paolo Bonzini, 2020/09/19
- [PULL 18/57] hw/mips/mipssim: Use MMIO serial device on fake ISA I/O, Paolo Bonzini, 2020/09/19
- [PULL 40/57] meson: report accelerator support, Paolo Bonzini, 2020/09/19
- [PULL 53/57] configure: use a platform-neutral prefix, Paolo Bonzini, 2020/09/19