The fix utilizes the existing policy QEMU has about short PRDs, and
considers the transfers that cause the crash as generated through short
PRDs.

It
- continues to allow QEMU to support multiple calls to
  prepare_buf/ide_dma_cb,
- so, continues to keep QEMU free from needing the entire sglist in one
  go;
- avoids the crash;
- but, treats the affected transfers as short, instead of allowing them
  to continue.

Amol Surati (1):
  ide/hw/core: fix crash on processing a partial-sector-size DMA xfer

John Snow (1):
  tests/ide-test: test case for crash when processing short PRDs

 hw/ide/core.c    |  5 ++++-
 tests/ide-test.c | 28 ++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

--
2.17.1