From: Amol Surati
To: qemu-devel@nongnu.org
Cc: Amol Surati, jsnow@redhat.com, "open list:IDE"
Date: Wed, 20 Jun 2018 09:59:29 +0530
Message-Id: <20180620042930.24208-2-suratiamol@gmail.com>
In-Reply-To: <20180620042930.24208-1-suratiamol@gmail.com>
References: <20180620042930.24208-1-suratiamol@gmail.com>
Subject: [Qemu-devel] [PATCH 1/2] ide/hw/core: fix crash on processing a partial-sector-size DMA xfer

Fixes: https://bugs.launchpad.net/qemu/+bug/1777315

QEMU's short PRD policy applies to a DMA transfer of size < 512 bytes. But it fails to consider transfers which are >= 512 bytes, but are not a multiple of 512 bytes. Such transfers are not subject to the short PRD policy. They end up violating the assumptions about the granularity of the IO sizes, upon which depend the verification of the completion of the previous transfer, and the advancement of the offset in preparation of the next. Those violations result in the crash.

By forcing each transfer to be a multiple of sector size, such transfers are subjected to the policy, and therefore culled before they cause the crash.

Signed-off-by: Amol Surati
---
 hw/ide/core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 2c62efc536..14d135224b 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -836,6 +836,7 @@ static void ide_dma_cb(void *opaque, int ret) { IDEState *s =3D opaque; int n; + int32_t size_prepared; int64_t sector_num; uint64_t offset; bool stay_active =3D false; @@ -886,7 +887,9 @@ static void ide_dma_cb(void *opaque, int ret) n =3D s->nsector; s->io_buffer_index =3D 0; s->io_buffer_size =3D n * 512; - if (s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size) < 51= 2) { + size_prepared =3D s->bus->dma->ops->prepare_buf(s->bus->dma, + s->io_buffer_size); + if (size_prepared <=3D 0 || size_prepared % 512) { /* The PRDs were too short. Reset the Active bit, but don't raise = an * interrupt. */ s->status =3D READY_STAT | SEEK_STAT; --=20 2.17.1
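Review bot: in the second hunk the comment `/* The PRDs were too short. Reset the Active bit, but don't raise an interrupt. */` no longer describes the condition it guards, which now also fires for a prepared size that is >= 512 but not a multiple of 512; reword it to something like `/* The PRDs were too short or not sector-aligned. ... */` so the next reader does not assume only the short case is handled. The new test `size_prepared <= 0 || size_prepared % 512` still rejects every value the old `< 512` rejected (0, negatives and 1..511 all fail it), so this is a strict tightening rather than a behavioural swap, and it would help to say so in the commit message; the commit message should also note that a misaligned PRD table is now handled exactly like a short one (Active cleared, no interrupt), since that is the guest-visible consequence of the change. Minor: the subject prefix reads `ide/hw/core` while the file touched is `hw/ide/core.c`.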