From: Mark Cave-Ayland
To: pbonzini@redhat.com, fam@euphon.net, thuth@redhat.com, lvivier@redhat.com, qemu-devel@nongnu.org
Date: Thu, 18 Nov 2021 10:03:26 +0000
Message-Id: <20211118100327.29061-2-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20211118100327.29061-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH for-6.2 1/2] esp: ensure that async_len is reset to 0 during esp_hard_reset()

If a reset command is sent after data has been transferred into the SCSI buffer ensure that async_len is reset to 0.
Otherwise a subsequent TI command assumes the SCSI buffer contains data to be transferred to the device causing it to dereference the stale async_buf pointer.

Signed-off-by: Mark Cave-Ayland
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/724
Reviewed-by: Philippe Mathieu-Daudé
--- hw/scsi/esp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 84f935b549..58d0edbd56 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c 
@@ -894,6 +894,7 @@ void esp_hard_reset(ESPState *s) memset(s->wregs, 0, ESP_REGS); s->tchi_written =3D 0; s->ti_size =3D 0; + s->async_len =3D 0; fifo8_reset(&s->fifo); fifo8_reset(&s->cmdfifo); s->dma =3D 0; --=20 2.20.1

From: Mark Cave-Ayland
To: pbonzini@redhat.com, fam@euphon.net, thuth@redhat.com, lvivier@redhat.com, qemu-devel@nongnu.org
Date: Thu, 18 Nov 2021 10:03:27 +0000
Message-Id: <20211118100327.29061-3-mark.cave-ayland@ilande.co.uk>
In-Reply-To: <20211118100327.29061-1-mark.cave-ayland@ilande.co.uk>
Subject: [PATCH for-6.2 2/2] qtest/am53c974-test: add test for reset before transfer

Based upon the qtest reproducer posted to Gitlab issue #724 at https://gitlab.com/qemu-project/qemu/-/issues/724.

Signed-off-by: Mark Cave-Ayland Acked-by: Thomas Huth --- tests/qtest/am53c974-test.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/qtest/am53c974-test.c b/tests/qtest/am53c974-test.c index 9b1e4211bd..d214a912b3 100644 --- a/tests/qtest/am53c974-test.c +++ b/tests/qtest/am53c974-test.c @@ -223,6 +223,34 @@ static void test_inflight_cancel_ok(void) qtest_quit(s); } =20 +static void test_reset_before_transfer_ok(void) +{ + QTestState *s =3D qtest_init( + "-device am53c974,id=3Dscsi " + "-device scsi-hd,drive=3Ddisk0 -drive " + "id=3Ddisk0,if=3Dnone,file=3Dnull-co://,format=3Draw -nodefaults"); + + qtest_outl(s, 0xcf8, 0x80001010); + qtest_outl(s, 0xcfc, 0xc000); + qtest_outl(s, 0xcf8, 0x80001004); + qtest_outw(s, 0xcfc, 0x01); + qtest_outl(s, 0xc007, 0x2500); + qtest_outl(s, 0xc00a, 0x410000); + qtest_outl(s, 0xc00a, 0x410000); + qtest_outw(s, 0xc00b, 0x0200); + qtest_outw(s, 0xc040, 0x03); + qtest_outw(s, 0xc009, 0x00); + qtest_outw(s, 0xc00b, 0x00); + qtest_outw(s, 0xc009, 0x00); + qtest_outw(s, 0xc00b, 0x00); + qtest_outw(s, 0xc009, 0x00); + qtest_outw(s, 0xc003, 0x1000); + qtest_outw(s, 0xc00b, 0x1000); + qtest_outl(s, 0xc00b, 0x9000); + qtest_outw(s, 0xc00b, 0x1000); + qtest_quit(s); +} + int main(int argc, char **argv) { const char *arch =3D qtest_get_arch(); @@ -248,6 +276,8 @@ int main(int argc, char **argv) test_cancelled_request_ok); qtest_add_func("am53c974/test_inflight_cancel_ok", test_inflight_cancel_ok); + qtest_add_func("am53c974/test_reset_before_transfer_ok", + test_reset_before_transfer_ok); } =20 return g_test_run(); --=20 2.20.1
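
Review bot: in the hw/scsi/esp.c hunk (patch 1/2), esp_hard_reset() now clears async_len, but the visible context does not clear async_buf, the pointer the commit message describes as stale. Consider adding `s->async_buf = NULL;` next to `s->async_len = 0;` so that any path reaching the buffer without first checking the length fails on a NULL pointer instead of reading through a dangling one. A one-line comment noting that the two fields together describe the in-flight SCSI buffer would help keep them in sync in later changes.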
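
Review bot: test_reset_before_transfer_ok() in the tests/qtest/am53c974-test.c hunk (patch 2/2) is a bare run of qtest_outl()/qtest_outw() writes with no comments and no assertion, so it passes only by QEMU not crashing, and nothing in the function says so. Add a comment above the function that points at issue #724 and states that pass criterion, and annotate which writes are the PCI configuration setup (the 0xcf8/0xcfc pairs) and which ones issue the reset and the following TI command, so the sequence can still be maintained if the reproducer needs adjusting.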