From: Amol Surati
To: qemu-devel@nongnu.org
Cc: Amol Surati, jsnow@redhat.com, "open list:IDE"
Date: Wed, 20 Jun 2018 09:59:29 +0530
Message-Id: <20180620042930.24208-2-suratiamol@gmail.com>
In-Reply-To: <20180620042930.24208-1-suratiamol@gmail.com>
References: <20180620042930.24208-1-suratiamol@gmail.com>
Subject: [Qemu-devel] [PATCH 1/2] ide/hw/core: fix crash on processing a partial-sector-size DMA xfer

Fixes: https://bugs.launchpad.net/qemu/+bug/1777315

QEMU's short PRD policy applies to a DMA transfer of size < 512 bytes. But it fails to consider transfers which are >= 512 bytes, but are not a multiple of 512 bytes.

Such transfers are not subject to the short PRD policy. They end up violating the assumptions about the granularity of the IO sizes, upon which depend the verification of the completion of the previous transfer, and the advancement of the offset in preparation of the next. Those violations result in the crash.

By forcing each transfer to be a multiple of sector size, such transfers are subjected to the policy, and therefore culled before they cause the crash.

Signed-off-by: Amol Surati
---
 hw/ide/core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c index 2c62efc536..14d135224b 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c
@@ -836,6 +836,7 @@ static void ide_dma_cb(void *opaque, int ret) { IDEState *s =3D opaque; int n; + int32_t size_prepared; int64_t sector_num; uint64_t offset; bool stay_active =3D false; 
@@ -886,7 +887,9 @@ static void ide_dma_cb(void *opaque, int ret) n =3D s->nsector; s->io_buffer_index =3D 0; s->io_buffer_size =3D n * 512; - if (s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size) < 51= 2) { + size_prepared =3D s->bus->dma->ops->prepare_buf(s->bus->dma, + s->io_buffer_size); + if (size_prepared <=3D 0 || size_prepared % 512) { /* The PRDs were too short. Reset the Active bit, but don't raise = an * interrupt. */ s->status =3D READY_STAT | SEEK_STAT; --=20 2.17.1
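
Review bot: In the second hw/ide/core.c hunk, the retained comment "The PRDs were too short" no longer describes the whole condition: with `size_prepared <= 0 || size_prepared % 512` the branch is also taken when the PRDs cover 512 bytes or more but not a whole number of sectors. Reword the comment to name both cases, so that resetting the Active bit without raising an interrupt is documented for partial-sector lengths as well. The check also accepts a prepared size that is a multiple of 512 but smaller than s->io_buffer_size, which is still set to n * 512 just above; please say in the commit message or in a comment whether the code that follows is expected to handle that case.
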
From: Amol Surati
To: qemu-devel@nongnu.org
Cc: Amol Surati, jsnow@redhat.com, "open list:IDE"
Date: Wed, 20 Jun 2018 09:59:30 +0530
Message-Id: <20180620042930.24208-3-suratiamol@gmail.com>
In-Reply-To: <20180620042930.24208-1-suratiamol@gmail.com>
References: <20180620042930.24208-1-suratiamol@gmail.com>
Subject: [Qemu-devel] [PATCH 2/2] tests/ide-test: test case for crash when processing short PRDs

From: John Snow

Related Bug: https://bugs.launchpad.net/qemu/+bug/1777315

Signed-off-by: Amol Surati
---
 tests/ide-test.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/tests/ide-test.c b/tests/ide-test.c index f39431b1a9..382c29a174 100644 --- a/tests/ide-test.c +++ b/tests/ide-test.c
@@ -473,6 +473,32 @@ static void test_bmdma_one_sector_short_prdt(void) free_pci_device(dev); } =20 +static void test_bmdma_partial_sector_short_prdt(void) +{ + QPCIDevice *dev; + QPCIBar bmdma_bar, ide_bar; + uint8_t status; + + /* Read 2 sectors but only give 1 sector in PRDT */ + PrdtEntry prdt[] =3D { + { + .addr =3D 0, + .size =3D cpu_to_le32(0x200), + }, + { + .addr =3D 512, + .size =3D cpu_to_le32(0x44 | PRDT_EOT), + } + }; + + dev =3D get_pci_device(&bmdma_bar, &ide_bar); + status =3D send_dma_request(CMD_READ_DMA, 0, 2, + prdt, ARRAY_SIZE(prdt), NULL); + g_assert_cmphex(status, =3D=3D, 0); + assert_bit_clear(qpci_io_readb(dev, ide_bar, reg_status), DF | ERR); + free_pci_device(dev); +} + static void test_bmdma_long_prdt(void) { QPCIDevice *dev; @@ -1037,6 +1063,8 @@ int main(int argc, char **argv) qtest_add_func("/ide/bmdma/short_prdt", test_bmdma_short_prdt); qtest_add_func("/ide/bmdma/one_sector_short_prdt", test_bmdma_one_sector_short_prdt); + qtest_add_func("/ide/bmdma/partial_sector_short_prdt", + test_bmdma_partial_sector_short_prdt); qtest_add_func("/ide/bmdma/long_prdt", test_bmdma_long_prdt); qtest_add_func("/ide/bmdma/no_busmaster", test_bmdma_no_busmaster); qtest_add_func("/ide/bmdma/teardown", test_bmdma_teardown); --=20 2.17.1
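
Review bot: In test_bmdma_partial_sector_short_prdt, the comment "Read 2 sectors but only give 1 sector in PRDT" does not match the table below it: the two entries give 0x200 plus 0x44 bytes, that is, one full sector and a partial one, which is the case this test exists to cover. Update the comment to say so, and note why 0x44 was chosen so the intent is clear to the next reader. The mail body also carries "From: John Snow" but only a Signed-off-by from Amol Surati; if the test was written by John Snow, his sign-off should be present.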