diff options
| author | Alexander Popov <alex.popov@linux.com> | 2019-12-23 20:51:16 +0300 |
|---|---|---|
| committer | John Snow <jsnow@redhat.com> | 2020-01-27 17:07:31 -0500 |
| commit | ed78352a59ea7acf7520d4d47a96b9911bae7fc3 (patch) | |
| tree | 39d00fb7a0641dde4769873a8228e0b6356d128b /exec.c | |
| parent | 105b07f1ba462ec48b27e5cb74ddf81c6a79364c (diff) | |
| download | qemu-ed78352a59ea7acf7520d4d47a96b9911bae7fc3.zip qemu-ed78352a59ea7acf7520d4d47a96b9911bae7fc3.tar.gz qemu-ed78352a59ea7acf7520d4d47a96b9911bae7fc3.tar.bz2 | |
ide: Fix incorrect handling of some PRDTs in ide_dma_cb()
The commit a718978ed58a from July 2015 introduced the assertion which
implies that the size of successful DMA transfers handled in ide_dma_cb()
should be multiple of 512 (the size of a sector). But guest systems can
initiate DMA transfers that don't fit this requirement.
For fixing that let's check the number of bytes prepared for the transfer
by the prepare_buf() handler. The code in ide_dma_cb() must behave
according to the Programming Interface for Bus Master IDE Controller
(Revision 1.0 5/16/94):
1. If PRDs specified a smaller size than the IDE transfer
size, then the Interrupt and Active bits in the Controller
status register are not set (Error Condition).
2. If the size of the physical memory regions was equal to
the IDE device transfer size, the Interrupt bit in the
Controller status register is set to 1, Active bit is set to 0.
3. If PRDs specified a larger size than the IDE transfer size,
the Interrupt and Active bits in the Controller status register
are both set to 1.
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 20191223175117.508990-2-alex.popov@linux.com
Signed-off-by: John Snow <jsnow@redhat.com>
Diffstat (limited to 'exec.c')
0 files changed, 0 insertions, 0 deletions