From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36906)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1X1wZA-00014z-KB
	for qemu-devel@nongnu.org; Tue, 01 Jul 2014 07:49:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1X1wZ3-0001vj-QL
	for qemu-devel@nongnu.org; Tue, 01 Jul 2014 07:49:40 -0400
Received: from cantor2.suse.de ([195.135.220.15]:42404 helo=mx2.suse.de)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1X1wZ3-0001vQ-JG
	for qemu-devel@nongnu.org; Tue, 01 Jul 2014 07:49:33 -0400
Message-ID: <53B2A04B.70406@suse.de>
Date: Tue, 01 Jul 2014 13:49:31 +0200
From: Alexander Graf <agraf@suse.de>
MIME-Version: 1.0
References: <1404213207-89115-1-git-send-email-reza.jelveh@tuhh.de>
	<20140701113612.GF4587@noname.str.redhat.com>
In-Reply-To: <20140701113612.GF4587@noname.str.redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH_v2] ahci.c: mask unused flags when reading
 size PRDT DBC
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Kevin Wolf <kwolf@redhat.com>, reza.jelveh@tuhh.de
Cc: pbonzini@redhat.com, jsnow@redhat.com, qemu-devel@nongnu.org, stefanha@redhat.com


On 01.07.14 13:36, Kevin Wolf wrote:
> Am 01.07.2014 um 13:13 hat reza.jelveh@tuhh.de geschrieben:
>> From: Reza Jelveh <reza.jelveh@tuhh.de>
>>
>> The data byte count(DBC) read from the description information is defined for
>> bits 21:00. Bits 30:22 are reserved and bit 31 is the Interrupt on Completion
>> (I) flag.
>>
>> Completion interrupts are triggered after every transaction instead of on
>> I-flag in QEMU. tbl_entry_size is a signed integer and improperly reading the
>> DBC leads to a negative offset that causes sglist allocation to fail.
>>
>> Signed-off-by: Reza Jelveh <reza.jelveh@tuhh.de>
>> ---
>> This requires a custom ovmf image with sata controller for testing:
>>
>> http://reza.jelveh.me/assets/OVMF.fd.bz2
>>
>> Signed-off-by: Reza Jelveh <reza.jelveh@tuhh.de>
> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
>
> The spec also seems to require an even byte count, which we don't seem
> to check. Do we want to add this? (In a separate patch, of course.)

We could just remove the lowest bit in the mask, no? ;)


Alex