[Qemu-devel] [PULL 07/21] scsi: avoid an off-by-one error in megasas_mmi
From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 07/21] scsi: avoid an off-by-one error in megasas_mmio_write
Date: Fri, 5 May 2017 12:13:23 +0200
From: Prasad J Pandit <address@hidden>
While reading magic sequence (MFI_SEQ) in megasas_mmio_write,
an off-by-one error could occur as 's->adp_reset' index is not
reset after reading the last sequence.
Reported-by: YY Z <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/scsi/megasas.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 84b8caf901..804122ab05 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr
addr,
case MFI_SEQ:
trace_megasas_mmio_writel("MFI_SEQ", val);
/* Magic sequence to start ADP reset */
- if (adp_reset_seq[s->adp_reset] == val) {
- s->adp_reset++;
+ if (adp_reset_seq[s->adp_reset++] == val) {
+ if (s->adp_reset == 6) {
+ s->adp_reset = 0;
+ s->diag = MFI_DIAG_WRITE_ENABLE;
+ }
} else {
s->adp_reset = 0;
s->diag = 0;
}
- if (s->adp_reset == 6) {
- s->diag = MFI_DIAG_WRITE_ENABLE;
- }
break;
case MFI_DIAG:
trace_megasas_mmio_writel("MFI_DIAG", val);
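Review bot: The bound in `if (s->adp_reset == 6)` is a bare literal that has to match the length of adp_reset_seq, whose definition is not in this hunk; deriving it from the array (for example ARRAY_SIZE(adp_reset_seq)) would keep the check and the table from drifting apart. The read `adp_reset_seq[s->adp_reset++]` also still trusts that s->adp_reset is in range on entry, which holds here only because the completed-sequence path and the mismatch path both reset it to 0; if the field can be set anywhere outside this case, a range check before the index would be safer. A short comment that the counter is cleared once the full sequence matches would help as well, since the removed lines left it at 6 and the next MFI_SEQ write then indexed past the last entry.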
--
2.12.2