From: John Snow <jsnow@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu block <qemu-block@nongnu.org>,
qemu-devel <qemu-devel@nongnu.org>,
Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] [Qemu-block] [RFC] ide: fix bmdma underflow code
Date: Wed, 01 Jul 2015 14:38:47 -0400 [thread overview]
Message-ID: <559433B7.5050701@redhat.com> (raw)
In-Reply-To: <CAJSP0QXppxT-izaYtBRA8UqZfCtPb10nbB3=m981P62rSwT-yQ@mail.gmail.com>
On 07/01/2015 01:10 PM, Stefan Hajnoczi wrote:
> On Wed, Jul 1, 2015 at 4:49 PM, John Snow <jsnow@redhat.com> wrote:
>> On 07/01/2015 06:18 AM, Stefan Hajnoczi wrote:
>>> On Mon, Jun 29, 2015 at 04:16:06PM -0400, John Snow wrote:
>>>> diff --git a/hw/ide/core.c b/hw/ide/core.c index 8c271cc..6bcf07c
>>>> 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -716,8 +716,8
>>>> @@ static void ide_dma_cb(void *opaque, int ret)
>>>>
>>>> sector_num = ide_get_sector(s); if (n > 0) { -
>>>> assert(s->io_buffer_size == s->sg.size); -
>>>> dma_buf_commit(s, s->io_buffer_size); + assert(s->nsector
>>>> * 512 == s->sg.size);
>>>
>>> The short PRDT case:
>>>
>>
>> ...is handled "first," lower down in this callback. The first call to
>> ide_dma_cb occurs before we've prepared any bytes or set io_buffer_size.
>>
>> We'll cruise past these post-hoc checks because we didn't transfer
>> anything. We'll hit the explicit "too short" check during that first
>> call and will cease processing there.
>>
>> If the (n > 0) conditionals fire off here, it's because we've already
>> transferred data and we KNOW the PRDTs weren't too short for at least
>> one iteration of the DMA loop*
>
> The case I described with nsector = 2 and PRDT having only 1 sector
> isn't handled before we hit the assertion failure:
>
> qemu-system-x86_64: hw/ide/core.c:719: ide_dma_cb: Assertion
> `s->nsector * 512 == s->sg.size' failed.
>
GOTCHA, it's because the short PRDT check doesn't check to see if it's
enough to satisfy the entire command, just at least one sector.
I forgot. You're right.
>> (*note that at present, AHCI only ever makes one DMA callback loop,
>> because we fire off the entire transfer in one shot, though the loop
>> is tolerant to multiple loops. Maybe other HBAs utilize that, but AHCI
>> doesn't. Regardless, with this patch no qtests or iotests fail, so
>> everything seems peachy.)
>
> I have sent an ide-test.c patch with the test case that triggers the
> assertion failure. It's a slightly different code path from the other
> short PRDT test case so it's useful to add it.
>
>> Though I'm now realizing that what I really meant to write was
>>
>> assert(n * 512 == s->sg.size);
>
> Looks good.
>
prev parent reply other threads:[~2015-07-01 18:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1435608966-12135-1-git-send-email-jsnow@redhat.com>
2015-06-29 20:17 ` [Qemu-devel] [RFC] ide: fix bmdma underflow code John Snow
[not found] ` <20150701101837.GE13991@stefanha-thinkpad.redhat.com>
[not found] ` <55940C07.6020307@redhat.com>
[not found] ` <CAJSP0QXppxT-izaYtBRA8UqZfCtPb10nbB3=m981P62rSwT-yQ@mail.gmail.com>
2015-07-01 18:38 ` John Snow [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=559433B7.5050701@redhat.com \
--to=jsnow@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).