From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42796)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@redhat.com>) id 1Z72Mt-00047p-EP
	for qemu-devel@nongnu.org; Mon, 22 Jun 2015 10:06:39 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@redhat.com>) id 1Z72Ms-0002IM-N0
	for qemu-devel@nongnu.org; Mon, 22 Jun 2015 10:06:35 -0400
Date: Mon, 22 Jun 2015 15:06:19 +0100
From: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20150622140619.GB7136@stefanha-thinkpad.redhat.com>
References: <1434765047-29333-1-git-send-email-jsnow@redhat.com>
	<1434765047-29333-5-git-send-email-jsnow@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="mojUlQ0s9EVzWg2t"
Content-Disposition: inline
In-Reply-To: <1434765047-29333-5-git-send-email-jsnow@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 04/16] ahci: check for ncq prdtl overflow
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: John Snow <jsnow@redhat.com>
Cc: kwolf@redhat.com, pbonzini@redhat.com, qemu-devel@nongnu.org, qemu-block@nongnu.org


--mojUlQ0s9EVzWg2t
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jun 19, 2015 at 09:50:35PM -0400, John Snow wrote:
> @@ -999,20 +1000,28 @@ static void process_ncq_command(AHCIState *s, int =
port, uint8_t *cmd_fis,
>                     ((uint64_t)ncq_fis->lba2 << 16) |
>                     ((uint64_t)ncq_fis->lba1 << 8) |
>                     (uint64_t)ncq_fis->lba0;
> +    ncq_tfs->tag =3D tag;
> =20
> -    /* Note: We calculate the sector count, but don't currently rely on =
it.
> -     * The total size of the DMA buffer tells us the transfer size inste=
ad. */
>      ncq_tfs->sector_count =3D ((uint16_t)ncq_fis->sector_count_high << 8=
) |
>                                  ncq_fis->sector_count_low;
> +    ahci_populate_sglist(ad, &ncq_tfs->sglist, 0);
> +    size =3D ncq_tfs->sector_count * 512;

ncq_tfs->sector_count is used with - 2 and - 1 below.  What is the
semantics of this field and why is it okay to use it without subtracting
here?

--mojUlQ0s9EVzWg2t
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJViBZbAAoJEJykq7OBq3PInuUH/1CK+tMPly77o5bYMbP563vO
VYHSgUc9Da4Q6ko1MTk4TkpqhN38ieDNz0n1aSVYn3dhrymLjSb0WO67jzQI495K
N0/kTMx3Zofwm/T+Km30i6ghi0PfvvEGWX+vV1t5ASvzg+lvFYK/NuhlEOQxnyXA
QtrE0+G8vp2sctoOR495RNVWMB5Te2n7W4b8oBvXeCDyUPBCemny/hRrrUiWx/dW
EtyalCZGNOjuMV9EjxkJF66kqkGiwVtN3IWzhkI1nCzsewdibTtJPrihVg4yYeQW
rO1g9ITyOYvs5l78ivRgmVenPHMMkQqP0/fI9MmAXreVXy3eaZ0jqlhq4lCR53s=
=zmEx
-----END PGP SIGNATURE-----

--mojUlQ0s9EVzWg2t--