| Message ID | 20240112131529.515642-2-mark.cave-ayland@ilande.co.uk |
|---|---|
| State | New |
| Headers | show |
| Series | esp-pci: fixes for Linux and MS-DOS | expand |
On Fri, Jan 12, 2024 at 01:15:26PM +0000, Mark Cave-Ayland wrote: > The current code in esp_pci_dma_memory_rw() sets the DMA address to the value > of the DMA_SPA (Starting Physical Address) register which is incorrect: this > means that for each callback from the SCSI layer the DMA address is set back > to the starting address. > > In the case where only a single SCSI callback occurs (currently for transfer > lengths < 128kB) this works fine, however for larger transfers the DMA address > wraps back to the initial starting address, corrupting the buffer holding the > data transferred to the guest. > > Fix esp_pci_dma_memory_rw() to use the DMA_WAC (Working Address Counter) for > the DMA address which is correctly incremented across multiple SCSI layer > transfers. > > Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Guenter Roeck <linux@roeck-us.net> > --- > hw/scsi/esp-pci.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/scsi/esp-pci.c b/hw/scsi/esp-pci.c > index 93b3429e0f..7117725371 100644 > --- a/hw/scsi/esp-pci.c > +++ b/hw/scsi/esp-pci.c > @@ -275,7 +275,7 @@ static void esp_pci_dma_memory_rw(PCIESPState *pci, uint8_t *buf, int len, > qemu_log_mask(LOG_UNIMP, "am53c974: MDL transfer not implemented\n"); > } > > - addr = pci->dma_regs[DMA_SPA]; > + addr = pci->dma_regs[DMA_WAC]; > if (pci->dma_regs[DMA_WBC] < len) { > len = pci->dma_regs[DMA_WBC]; > } > -- > 2.39.2 >
diff --git a/hw/scsi/esp-pci.c b/hw/scsi/esp-pci.c index 93b3429e0f..7117725371 100644 --- a/hw/scsi/esp-pci.c +++ b/hw/scsi/esp-pci.c @@ -275,7 +275,7 @@ static void esp_pci_dma_memory_rw(PCIESPState *pci, uint8_t *buf, int len, qemu_log_mask(LOG_UNIMP, "am53c974: MDL transfer not implemented\n"); } - addr = pci->dma_regs[DMA_SPA]; + addr = pci->dma_regs[DMA_WAC]; if (pci->dma_regs[DMA_WBC] < len) { len = pci->dma_regs[DMA_WBC]; }
The current code in esp_pci_dma_memory_rw() sets the DMA address to the value of the DMA_SPA (Starting Physical Address) register which is incorrect: this means that for each callback from the SCSI layer the DMA address is set back to the starting address. In the case where only a single SCSI callback occurs (currently for transfer lengths < 128kB) this works fine, however for larger transfers the DMA address wraps back to the initial starting address, corrupting the buffer holding the data transferred to the guest. Fix esp_pci_dma_memory_rw() to use the DMA_WAC (Working Address Counter) for the DMA address which is correctly incremented across multiple SCSI layer transfers. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> --- hw/scsi/esp-pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)