From nobody Wed Oct 22 15:36:20 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1519399966487418.2574186834074; Fri, 23 Feb 2018 07:32:46 -0800 (PST) Received: from localhost ([::1]:45204 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1epFL3-0000xR-7J for importer@patchew.org; Fri, 23 Feb 2018 10:32:45 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41587) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1epFFN-0004eK-Vm for qemu-devel@nongnu.org; Fri, 23 Feb 2018 10:26:58 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1epFFM-0005XL-S7 for qemu-devel@nongnu.org; Fri, 23 Feb 2018 10:26:53 -0500 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:48302 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1epFFJ-0005VN-VA; Fri, 23 Feb 2018 10:26:50 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8C8694040856; Fri, 23 Feb 2018 15:26:49 +0000 (UTC) Received: from donizetti.redhat.com (ovpn-117-249.ams2.redhat.com [10.36.117.249]) by smtp.corp.redhat.com (Postfix) with ESMTP id 82E6020A846E; Fri, 23 Feb 2018 15:26:48 +0000 (UTC) From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Fri, 23 Feb 2018 16:26:40 +0100 Message-Id: <20180223152640.11459-6-pbonzini@redhat.com> In-Reply-To: <20180223152640.11459-1-pbonzini@redhat.com> References: <20180223152640.11459-1-pbonzini@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 23 Feb 2018 15:26:49 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 23 Feb 2018 15:26:49 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'pbonzini@redhat.com' RCPT:'' X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.187.233.73 Subject: [Qemu-devel] [PATCH 5/5] ide: introduce ide_transfer_start_norecurse X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Lieven , John Snow , qemu-block@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" For the case where the end_transfer_func is also the caller of ide_transfer_start, the mutual recursion can lead to unlimited stack usage. Introduce a new version that can be used to change tail recursion into a loop, and use it in trace_ide_atapi_cmd_reply_end. Signed-off-by: Paolo Bonzini --- hw/ide/atapi.c | 35 +++++++++++++++++++---------------- hw/ide/core.c | 16 ++++++++++++---- include/hw/ide/internal.h | 2 ++ 3 files changed, 33 insertions(+), 20 deletions(-) diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c index be99a929cf..4df4a66bbe 100644 --- a/hw/ide/atapi.c +++ b/hw/ide/atapi.c @@ -248,12 +248,7 @@ void ide_atapi_cmd_reply_end(IDEState *s) trace_ide_atapi_cmd_reply_end(s, s->packet_transfer_size, s->elementary_transfer_size, s->io_buffer_index); - if (s->packet_transfer_size <=3D 0) { - /* end of transfer */ - ide_atapi_cmd_ok(s); - ide_set_irq(s->bus); - trace_ide_atapi_cmd_reply_end_eot(s, s->status); - } else { + while (s->packet_transfer_size > 0) { /* see if a new sector must be read */ if (s->lba !=3D -1 && s->io_buffer_index >=3D s->cd_sector_size) { if (!s->elementary_transfer_size) { @@ -279,11 +274,6 @@ void ide_atapi_cmd_reply_end(IDEState *s) size =3D s->cd_sector_size - s->io_buffer_index; if (size > s->elementary_transfer_size) size =3D s->elementary_transfer_size; - s->packet_transfer_size -=3D size; - s->elementary_transfer_size -=3D size; - s->io_buffer_index +=3D size; - ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size, - size, ide_atapi_cmd_reply_end); } else { /* a new transfer is needed */ s->nsector =3D (s->nsector & ~7) | ATAPI_INT_REASON_IO; @@ -305,14 +295,27 @@ void ide_atapi_cmd_reply_end(IDEState *s) if (size > (s->cd_sector_size - s->io_buffer_index)) size =3D (s->cd_sector_size - s->io_buffer_index); } - s->packet_transfer_size -=3D size; - s->elementary_transfer_size -=3D size; - s->io_buffer_index +=3D size; trace_ide_atapi_cmd_reply_end_new(s, s->status); - ide_transfer_start(s, s->io_buffer + s->io_buffer_index - size, - size, ide_atapi_cmd_reply_end); + } + s->packet_transfer_size -=3D size; + s->elementary_transfer_size -=3D size; + s->io_buffer_index +=3D size; + + /* Some adapters process PIO data right away. In that case, we ne= ed + * to avoid mutual recursion between ide_transfer_start + * and ide_atapi_cmd_reply_end. + */ + if (!ide_transfer_start_norecurse(s, + s->io_buffer + s->io_buffer_inde= x - size, + size, ide_atapi_cmd_reply_end)) { + return; } } + + /* end of transfer */ + ide_atapi_cmd_ok(s); + ide_set_irq(s->bus); + trace_ide_atapi_cmd_reply_end_eot(s, s->status); } =20 /* send a reply of 'size' bytes in s->io_buffer to an ATAPI command */ diff --git a/hw/ide/core.c b/hw/ide/core.c index 447d9624df..ddefeb086d 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -529,8 +529,8 @@ static void ide_clear_retry(IDEState *s) } =20 /* prepare data transfer and tell what to do after */ -void ide_transfer_start(IDEState *s, uint8_t *buf, int size, - EndTransferFunc *end_transfer_func) +bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size, + EndTransferFunc *end_transfer_func) { s->data_ptr =3D buf; s->data_end =3D buf + size; @@ -540,10 +540,18 @@ void ide_transfer_start(IDEState *s, uint8_t *buf, in= t size, } if (!s->bus->dma->ops->start_transfer) { s->end_transfer_func =3D end_transfer_func; - return; + return false; } s->bus->dma->ops->start_transfer(s->bus->dma); - end_transfer_func(s); + return true; +} + +void ide_transfer_start(IDEState *s, uint8_t *buf, int size, + EndTransferFunc *end_transfer_func) +{ + if (ide_transfer_start_norecurse(s, buf, size, end_transfer_func)) { + end_transfer_func(s); + } } =20 static void ide_cmd_done(IDEState *s) diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h index efaabbd815..1bd93d0a30 100644 --- a/include/hw/ide/internal.h +++ b/include/hw/ide/internal.h @@ -624,6 +624,8 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val); =20 void ide_transfer_start(IDEState *s, uint8_t *buf, int size, EndTransferFunc *end_transfer_func); +bool ide_transfer_start_norecurse(IDEState *s, uint8_t *buf, int size, + EndTransferFunc *end_transfer_func); void ide_transfer_stop(IDEState *s); void ide_set_inactive(IDEState *s, bool more); BlockAIOCB *ide_issue_trim( --=20 2.14.3