author: Li Qiang <liq3ea@163.com> 2020-08-15 07:19:40 -0700
committer: Paolo Bonzini <pbonzini@redhat.com> 2020-09-30 19:09:20 +0200
commit: 4773a5f35b0d83674f92816a226a594b03bbcf60
tree: a35d82d80af66bbf14c52a7433f7e7e8e6dfeae2 /hw/scsi
parent: 5ecfbae201d68a2f13df233260c77b0a25d7cd35
hw: megasas: consider 'iov_count=0' is an error in megasas_map_sgl
Currently in 'megasas_map_sgl' when 'iov_count=0' will just return success however the 'cmd' doesn't contain any iov. This will cause the assert in 'scsi_dma_complete' failed. This is because in 'dma_blk_cb' the 'dbs->sg_cur_index == dbs->sg->nsg' will be true and just call 'dma_complete'. However now there is no aiocb returned.

This fixes the LP#1878263:

-->https://bugs.launchpad.net/qemu/+bug/1878263

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200815141940.44025-3-liq3ea@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi')
-rw-r--r-- hw/scsi/megasas.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 4cc709d..e24c12d 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -277,7 +277,7 @@ static int megasas_map_sgl(MegasasState *s, MegasasCmd *cmd, union mfi_sgl *sgl)
cmd->flags = le16_to_cpu(cmd->frame->header.flags);
iov_count = cmd->frame->header.sge_count;
- if (iov_count > MEGASAS_MAX_SGE) {
+ if (!iov_count || iov_count > MEGASAS_MAX_SGE) {
trace_megasas_iovec_sgl_overflow(cmd->index, iov_count,
MEGASAS_MAX_SGE);
return -1;
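Review bot: in the combined condition `if (!iov_count || iov_count > MEGASAS_MAX_SGE)`, a zero `iov_count` now falls into the branch that calls `trace_megasas_iovec_sgl_overflow(cmd->index, iov_count, MEGASAS_MAX_SGE)`, so anyone reading the trace sees an "overflow" event carrying a count of 0. Consider a separate `if (!iov_count)` branch with its own trace point, or at least a short comment above the check saying why an empty scatter-gather list is rejected here, since the reason (the `scsi_dma_complete` assert described in the commit message) is not visible in the code. The call sites are not part of this hunk, so it is also worth confirming that each of them handles the `-1` return for an empty list as a failed command and that none of them relies on `sge_count` being 0 for a frame with no data phase.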