Oh, sorry for forgetting to CC Alexander Bulekov.

Thanks,
Li Qiang

On Sat, Aug 15, 2020 at 10:20 PM, Li Qiang <[email protected]> wrote: > > Currently in 'megasas_map_sgl' when 'iov_count=0' will just return > success however the 'cmd' doesn't contain any iov. This will cause > the assert in 'scsi_dma_complete' failed. This is because in > 'dma_blk_cb' the 'dbs->sg_cur_index == dbs->sg->nsg' will be true > and just call 'dma_complete'. However now there is no aiocb returned. > > This fixes the LP#1878263: > > -->https://bugs.launchpad.net/qemu/+bug/1878263 > > Reported-by: Alexander Bulekov <[email protected]> > Signed-off-by: Li Qiang <[email protected]> > --- > hw/scsi/megasas.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c > index d6c9680c36..9562c58a2d 100644 > --- a/hw/scsi/megasas.c > +++ b/hw/scsi/megasas.c > @@ -278,7 +278,7 @@ static int megasas_map_sgl(MegasasState *s, MegasasCmd > *cmd, union mfi_sgl *sgl) > > cmd->flags = le16_to_cpu(cmd->frame->header.flags); > iov_count = cmd->frame->header.sge_count; > - if (iov_count > MEGASAS_MAX_SGE) { > + if (!iov_count || iov_count > MEGASAS_MAX_SGE) { > trace_megasas_iovec_sgl_overflow(cmd->index, iov_count, > MEGASAS_MAX_SGE); > return -1; > -- > 2.17.1 >
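
Review bot: the new `!iov_count` case in megasas_map_sgl shares the branch that calls trace_megasas_iovec_sgl_overflow(cmd->index, iov_count, MEGASAS_MAX_SGE), so a guest-supplied sge_count of 0 will be traced as an "overflow" of 0 against MEGASAS_MAX_SGE, which is misleading when someone later debugs a rejected frame. Consider splitting the zero case into its own check with a dedicated trace event, or at least a comment above the condition saying that an empty SGL is rejected because the DMA completion path expects at least one mapped element. Since the function now returns -1 for every frame with sge_count == 0, the commit message should also say whether any caller can legitimately reach this function for a command with no data phase, so it is clear that rejecting it here is intended rather than a side effect of the fix.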
