On Sat, Feb 11, 2017 at 7:06 AM, P J P <ppan...@redhat.com> wrote:
> From: Prasad J Pandit <p...@fedoraproject.org>
>
> In the SDHCI protocol, the transfer mode register value
> is used during multi block transfer to check if block count
> register is enabled and should be updated. Transfer mode
> register could be set such that, block count register would
> not be updated, thus leading to an infinite loop. Add check
> to avoid it.
>
> Reported-by: Wjjzhang <wjjzh...@tencent.com>
> Reported-by: Jiang Xin <jiangx...@huawei.com>
> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>

Reviewed-by: Alistair Francis <alistair.fran...@xilinx.com>

Thanks,

Alistair

> --- > hw/sd/sdhci.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > Update: use qemu_log_mask(LOG_UNIMP, ...) > -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html > > diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c > index 5bd5ab6..a9c744b 100644 > --- a/hw/sd/sdhci.c > +++ b/hw/sd/sdhci.c > @@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState > *s) > uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12); > uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk); > > + if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) { > + qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n"); > + return; > + } > + > /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for > * possible stop at page boundary if initial address is not page aligned, > * allow them to work properly */ > @@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque) > if (s->trnmod & SDHC_TRNS_DMA) { > switch (SDHC_DMA_TYPE(s->hostctl)) { > case SDHC_CTRL_SDMA: > - if ((s->trnmod & SDHC_TRNS_MULTI) && > - (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) > { > - break; > - } > - > if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) { > sdhci_sdma_transfer_single_block(s); > } else { > -- > 2.9.3 >
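
Review bot: in the first hunk (sdhci_sdma_transfer_multi_blocks), the new early `return` only logs and leaves; nothing in the hunk ends the transfer or reports an error to the guest, so it is worth confirming that a driver which programmed this transfer is not left waiting on a completion that never arrives. The message "infinite transfer is not supported" is also printed for the `!s->blkcnt` half of the condition, where block counting may be enabled and the count is simply zero. Splitting the two conditions, or rewording the message and adding the function name, would make the log line accurate; the zero-count case reads more like guest misprogramming (LOG_GUEST_ERROR) than an unimplemented feature (LOG_UNIMP).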
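
Review bot: in the second hunk (the SDHC_CTRL_SDMA case of sdhci_data_transfer), dropping the guard changes behaviour for one combination the relocated check does not cover. With SDHC_TRNS_MULTI set, SDHC_TRNS_BLK_CNT_EN clear and `s->blkcnt == 1`, the old code reached `break`, whereas the remaining `if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI))` now calls sdhci_sdma_transfer_single_block(). If that is intended, the commit message should say so; if not, the single-block branch needs its own condition. The removed guard was also limited to SDHC_TRNS_MULTI transfers, while the new check in sdhci_sdma_transfer_multi_blocks() does not test that bit, so a short comment at the call site stating that the callee now validates block counting would help the next reader.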