[PULL 29/88] esp.c: fix premature end of phase logic esp_command_complete

Mark Cave-Ayland posted 88 patches 9 months, 2 weeks ago
Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Fam Zheng <fam@euphon.net>
[PULL 29/88] esp.c: fix premature end of phase logic esp_command_complete
Posted by Mark Cave-Ayland 9 months, 2 weeks ago
There are two cases here: the first is when the TI command underflows, in which
case we raise INTR_BS to indicate an early change of phase, and the second is
when the TI command overflows because the host requested a transfer for more
data than is available. In the latter case force TC to zero so that the TI
completion logic executes correctly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Helge Deller <deller@gmx.de>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20240112125420.514425-30-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
---
 hw/scsi/esp.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index f20026c3dc..c6151d306e 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -887,7 +887,6 @@ void esp_command_complete(SCSIRequest *req, size_t resid)
         if (s->ti_size != 0) {
             trace_esp_command_complete_unexpected();
         }
-        s->ti_size = 0;
     }
 
     s->async_len = 0;
@@ -897,13 +896,26 @@ void esp_command_complete(SCSIRequest *req, size_t resid)
     s->status = req->status;
 
     /*
-     * If the transfer is finished, switch to status phase. For non-DMA
-     * transfers from the target the last byte is still in the FIFO
+     * Switch to status phase. For non-DMA transfers from the target the last
+     * byte is still in the FIFO
      */
+    esp_set_phase(s, STAT_ST);
     if (s->ti_size == 0) {
-        esp_set_phase(s, STAT_ST);
+        /*
+         * Transfer complete: force TC to zero just in case a TI command was
+         * requested for more data than the command returns (Solaris 8 does
+         * this)
+         */
+        esp_set_tc(s, 0);
         esp_dma_done(s);
-        esp_lower_drq(s);
+    } else {
+        /*
+         * Transfer truncated: raise INTR_BS to indicate early change of
+         * phase
+         */
+        s->rregs[ESP_RINTR] |= INTR_BS;
+        esp_raise_irq(s);
+        s->ti_size = 0;
     }
 
     if (s->current_req) {
-- 
2.39.2