Message ID | 20240313085810.2655062-10-mark.cave-ayland@ilande.co.uk |
---|---|
State | New |
Headers | show |
Series | esp: avoid explicit setting of DRQ within ESP state machine | expand |
On 13/3/24 09:58, Mark Cave-Ayland wrote: > The current logic assumes that at least 1 byte is present in the FIFO when > executing a non-DMA SELATNS command, but this may not be the case if the > guest executes an invalid ESP command sequence. > > Reported-by: Chuhong Yuan <hslester96@gmail.com> > Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> > --- > hw/scsi/esp.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 6b7a972947..55143a1208 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -762,7 +762,8 @@ static void esp_do_nodma(ESPState *s) case CMD_SELATNS: /* Copy one byte from FIFO into cmdfifo */ - len = esp_fifo_pop_buf(s, buf, 1); + len = esp_fifo_pop_buf(s, buf, + MIN(fifo8_num_used(&s->fifo), 1)); len = MIN(fifo8_num_free(&s->cmdfifo), len); fifo8_push_all(&s->cmdfifo, buf, len);
The current logic assumes that at least 1 byte is present in the FIFO when executing a non-DMA SELATNS command, but this may not be the case if the guest executes an invalid ESP command sequence. Reported-by: Chuhong Yuan <hslester96@gmail.com> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> --- hw/scsi/esp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)