From: Alexander Graf
Date: Tue, 01 Jul 2014 13:19:03 +0200
To: reza.jelveh@tuhh.de, qemu-devel@nongnu.org
Cc: Kevin Wolf, pbonzini@redhat.com, jsnow@redhat.com
Subject: Re: [Qemu-devel] [PATCH_v2] ahci.c: mask unused flags when reading size PRDT DBC
Message-ID: <53B29927.6060801@suse.de>
In-Reply-To: <1404213207-89115-1-git-send-email-reza.jelveh@tuhh.de>
References: <1404213207-89115-1-git-send-email-reza.jelveh@tuhh.de>

On 01.07.14 13:13, reza.jelveh@tuhh.de wrote:
> From: Reza Jelveh
>
> The data byte count (DBC) read from the description information is defined for
> bits 21:00. Bits 30:22 are reserved and bit 31 is the Interrupt on Completion
> (I) flag.
>
> Completion interrupts are triggered after every transaction instead of on
> I-flag in QEMU. tbl_entry_size is a signed integer and improperly reading the
> DBC leads to a negative offset that causes sglist allocation to fail.
>
> Signed-off-by: Reza Jelveh
> ---
> This requires a custom ovmf image with sata controller for testing:
>
> http://reza.jelveh.me/assets/OVMF.fd.bz2
>
> Signed-off-by: Reza Jelveh

Reviewed-by: Alexander Graf

I'm still puzzled that this ever worked at all ;).

Alex
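The failure mode the commit message describes, as an added illustration that is not part of the patch or of QEMU's ahci.c: a PRDT entry's DW3 word read straight into a signed integer goes negative whenever the guest sets the I flag (bit 31), while a read masked to bits 21:0 yields the byte count. The struct and function names are this example's own assumptions, not QEMU's.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* DW3 layout of a PRDT entry as stated in the commit message:
 * bits 21:0 = data byte count (DBC), 30:22 = reserved, 31 = Interrupt on Completion (I). */
#define PRDT_DBC_MASK   0x003fffffu
#define PRDT_RSVD_MASK  0x7fc00000u
#define PRDT_IOC_FLAG   0x80000000u

/* Hypothetical PRDT entry; field names are this example's, not QEMU's. */
typedef struct {
    uint32_t dba;        /* data base address, low 32 bits */
    uint32_t dbau;       /* data base address, high 32 bits */
    uint32_t reserved;
    uint32_t flags_dbc;  /* DW3: I flag | reserved bits | DBC */
} prdt_entry;

/* The defect: the raw DW3 word stored in a signed int. With bit 31 set
 * (I flag) the result is negative, so any size arithmetic built on it is wrong. */
int32_t dbc_unmasked(const prdt_entry *e)
{
    return (int32_t)e->flags_dbc;
}

/* The masked read: only bits 21:0 carry the byte count, so the result
 * is always in [0, 0x3fffff] regardless of the I flag or reserved bits. */
int32_t dbc_masked(const prdt_entry *e)
{
    return (int32_t)(e->flags_dbc & PRDT_DBC_MASK);
}

/* The I flag is its own field and is read separately from the size. */
bool prdt_ioc(const prdt_entry *e)
{
    return (e->flags_dbc & PRDT_IOC_FLAG) != 0;
}

/* A sanity check a scatter/gather builder should apply before allocating. */
bool entry_size_ok(int32_t size)
{
    return size >= 0 && size <= (int32_t)PRDT_DBC_MASK;
}

int main(void)
{
    /* Constructed entry: 0x200-byte DBC, I flag set, and a stray reserved bit (25). */
    prdt_entry e = { 0x1000, 0, 0, PRDT_IOC_FLAG | (1u << 25) | 0x200 };
    printf("unmasked=%d masked=%d ioc=%d\n", dbc_unmasked(&e), dbc_masked(&e), prdt_ioc(&e));
    return 0;
}
```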