* [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma()
@ 2021-11-23 11:17 Philippe Mathieu-Daudé
2021-11-23 11:17 ` [PATCH-for-6.2 1/2] hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued Philippe Mathieu-Daudé
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-11-23 11:17 UTC (permalink / raw)
To: qemu-devel
Cc: Laurent Vivier, Fam Zheng, Thomas Huth, Alexander Bulekov,
Qiuhao Li, Darren Kenny, Bandan Das, Vadim Rozenfeld,
Stefan Hajnoczi, Paolo Bonzini, Philippe Mathieu-Daudé,
Gerd Hoffmann
Trivial fix for this long due bug.
Philippe Mathieu-Daudé (2):
hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
tests/qtest: Add fuzz-lsi53c895a-test
hw/scsi/lsi53c895a.c | 3 +-
tests/qtest/fuzz-lsi53c895a-test.c | 52 ++++++++++++++++++++++++++++++
MAINTAINERS | 1 +
tests/qtest/meson.build | 1 +
4 files changed, 55 insertions(+), 2 deletions(-)
create mode 100644 tests/qtest/fuzz-lsi53c895a-test.c
--
2.33.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH-for-6.2 1/2] hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
2021-11-23 11:17 [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() Philippe Mathieu-Daudé
@ 2021-11-23 11:17 ` Philippe Mathieu-Daudé
2021-11-23 11:26 ` Laurent Vivier
2021-11-23 11:17 ` [PATCH-for-6.2 2/2] tests/qtest: Add fuzz-lsi53c895a-test Philippe Mathieu-Daudé
2021-11-23 14:02 ` [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() Paolo Bonzini
2 siblings, 1 reply; 6+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-11-23 11:17 UTC (permalink / raw)
To: qemu-devel
Cc: Laurent Vivier, Fam Zheng, Thomas Huth, Alexander Bulekov,
Cheolwoo Myung, Qiuhao Li, qemu-stable, Ruhr-University,
Darren Kenny, Bandan Das, Jérôme Poulin,
Vadim Rozenfeld, Stefan Hajnoczi, Paolo Bonzini, Gaoning Pan,
Philippe Mathieu-Daudé,
Gerd Hoffmann
If asked for DMA request and no data is available, simply wait
for data to be queued, do not abort. This fixes:
$ cat << EOF | \
qemu-system-i386 -nographic -M q35,accel=qtest -serial none \
-monitor none -qtest stdio -trace lsi* \
-drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \
-device lsi53c895a,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0
lsi_reset Reset
lsi_reg_write Write reg DSP2 0x2e = 0xff
lsi_reg_write Write reg DSP3 0x2f = 0xff
lsi_execute_script SCRIPTS dsp=0xffff0000 opcode 0x184a3900 arg 0x4a8b2d75
qemu-system-i386: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.
(gdb) bt
#5 0x00007ffff4e8a3a6 in __GI___assert_fail
(assertion=0x5555560accbc "s->current", file=0x5555560acc28 "hw/scsi/lsi53c895a.c", line=624, function=0x5555560adb18 "lsi_do_dma") at assert.c:101
#6 0x0000555555aa33b9 in lsi_do_dma (s=0x555557805ac0, out=1) at hw/scsi/lsi53c895a.c:624
#7 0x0000555555aa5042 in lsi_execute_script (s=0x555557805ac0) at hw/scsi/lsi53c895a.c:1250
#8 0x0000555555aa757a in lsi_reg_writeb (s=0x555557805ac0, offset=47, val=255 '\377') at hw/scsi/lsi53c895a.c:1984
#9 0x0000555555aa875b in lsi_mmio_write (opaque=0x555557805ac0, addr=47, val=255, size=1) at hw/scsi/lsi53c895a.c:2095
Cc: qemu-stable@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Vadim Rozenfeld <vrozenfe@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Reported-by: Jérôme Poulin <jeromepoulin@gmail.com>
Reported-by: Ruhr-University <bugs-syssec@rub.de>
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Fixes: b96a0da06bd ("lsi: move dma_len+dma_buf into lsi_request")
BugLink: https://bugs.launchpad.net/qemu/+bug/697510
BugLink: https://bugs.launchpad.net/qemu/+bug/1905521
BugLink: https://bugs.launchpad.net/qemu/+bug/1908515
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/84
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/305
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/552
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
hw/scsi/lsi53c895a.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index 85e907a7854..4c431adb774 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -621,8 +621,7 @@ static void lsi_do_dma(LSIState *s, int out)
dma_addr_t addr;
SCSIDevice *dev;
- assert(s->current);
- if (!s->current->dma_len) {
+ if (!s->current || !s->current->dma_len) {
/* Wait until data is available. */
trace_lsi_do_dma_unavailable();
return;
--
2.33.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH-for-6.2 2/2] tests/qtest: Add fuzz-lsi53c895a-test
2021-11-23 11:17 [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() Philippe Mathieu-Daudé
2021-11-23 11:17 ` [PATCH-for-6.2 1/2] hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued Philippe Mathieu-Daudé
@ 2021-11-23 11:17 ` Philippe Mathieu-Daudé
2021-11-23 11:32 ` Laurent Vivier
2021-11-23 14:02 ` [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() Paolo Bonzini
2 siblings, 1 reply; 6+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-11-23 11:17 UTC (permalink / raw)
To: qemu-devel
Cc: Laurent Vivier, Fam Zheng, Thomas Huth, Alexander Bulekov,
Qiuhao Li, Darren Kenny, Bandan Das, Vadim Rozenfeld,
Stefan Hajnoczi, Paolo Bonzini, Philippe Mathieu-Daudé,
Gerd Hoffmann
Without the previous commit, this test triggers:
$ make check-qtest-x86_64
[...]
Running test qtest-x86_64/fuzz-lsi53c895a-test
qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.
ERROR qtest-x86_64/fuzz-lsi53c895a-test - too few tests run (expected 1, got 0)
Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/qtest/fuzz-lsi53c895a-test.c | 52 ++++++++++++++++++++++++++++++
MAINTAINERS | 1 +
tests/qtest/meson.build | 1 +
3 files changed, 54 insertions(+)
create mode 100644 tests/qtest/fuzz-lsi53c895a-test.c
diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c
new file mode 100644
index 00000000000..ba5d468970c
--- /dev/null
+++ b/tests/qtest/fuzz-lsi53c895a-test.c
@@ -0,0 +1,52 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * QTest fuzzer-generated testcase for LSI53C895A device
+ *
+ * Copyright (c) Red Hat
+ */
+
+#include "qemu/osdep.h"
+#include "libqos/libqtest.h"
+
+/*
+ * This used to trigger the assert in lsi_do_dma()
+ * https://bugs.launchpad.net/qemu/+bug/697510
+ * https://bugs.launchpad.net/qemu/+bug/1905521
+ * https://bugs.launchpad.net/qemu/+bug/1908515
+ */
+static void test_lsi_do_dma_empty_queue(void)
+{
+ QTestState *s;
+
+ s = qtest_init("-M q35 -nographic -monitor none -serial none "
+ "-drive if=none,id=drive0,"
+ "file=null-co://,file.read-zeroes=on,format=raw "
+ "-device lsi53c895a,id=scsi0 "
+ "-device scsi-hd,drive=drive0,"
+ "bus=scsi0.0,channel=0,scsi-id=0,lun=0");
+ qtest_outl(s, 0xcf8, 0x80001814);
+ qtest_outl(s, 0xcfc, 0xe1068000);
+ qtest_outl(s, 0xcf8, 0x80001818);
+ qtest_outl(s, 0xcf8, 0x80001804);
+ qtest_outw(s, 0xcfc, 0x7);
+ qtest_outl(s, 0xcf8, 0x80002010);
+
+ qtest_writeb(s, 0xe106802e, 0xff); /* Fill DSP bits 16-23 */
+ qtest_writeb(s, 0xe106802f, 0xff); /* Fill DSP bits 24-31: trigger SCRIPT */
+
+ qtest_quit(s);
+}
+
+int main(int argc, char **argv)
+{
+ const char *arch = qtest_get_arch();
+
+ g_test_init(&argc, &argv, NULL);
+
+ if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
+ qtest_add_func("fuzz/lsi53c895a/lsi_do_dma_empty_queue",
+ test_lsi_do_dma_empty_queue);
+ }
+
+ return g_test_run();
+}
diff --git a/MAINTAINERS b/MAINTAINERS
index d3879aa3c12..3c0f76b7801 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1825,6 +1825,7 @@ F: hw/scsi/*
F: tests/qtest/virtio-scsi-test.c
F: tests/qtest/fuzz-virtio-scsi-test.c
F: tests/qtest/am53c974-test.c
+F: tests/qtest/fuzz-lsi53c895a-test.c
T: git https://github.com/bonzini/qemu.git scsi-next
SSI
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index c9d8458062f..d2ce20d3047 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -19,6 +19,7 @@
qtests_generic = \
(config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \
+ (config_all_devices.has_key('CONFIG_LSI_SCSI_PCI') ? ['fuzz-lsi53c895a-test'] : []) + \
(config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \
(config_all_devices.has_key('CONFIG_SB16') ? ['fuzz-sb16-test'] : []) + \
(config_all_devices.has_key('CONFIG_SDHCI_PCI') ? ['fuzz-sdcard-test'] : []) + \
--
2.33.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH-for-6.2 1/2] hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
2021-11-23 11:17 ` [PATCH-for-6.2 1/2] hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued Philippe Mathieu-Daudé
@ 2021-11-23 11:26 ` Laurent Vivier
0 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2021-11-23 11:26 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Thomas Huth, Alexander Bulekov, Cheolwoo Myung,
Qiuhao Li, qemu-stable, Ruhr-University, Darren Kenny,
Bandan Das, Jérôme Poulin, Vadim Rozenfeld,
Stefan Hajnoczi, Paolo Bonzini, Gaoning Pan, Gerd Hoffmann
On 23/11/2021 12:17, Philippe Mathieu-Daudé wrote:
> If asked for DMA request and no data is available, simply wait
> for data to be queued, do not abort. This fixes:
>
> $ cat << EOF | \
> qemu-system-i386 -nographic -M q35,accel=qtest -serial none \
> -monitor none -qtest stdio -trace lsi* \
> -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \
> -device lsi53c895a,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0
> lsi_reset Reset
> lsi_reg_write Write reg DSP2 0x2e = 0xff
> lsi_reg_write Write reg DSP3 0x2f = 0xff
> lsi_execute_script SCRIPTS dsp=0xffff0000 opcode 0x184a3900 arg 0x4a8b2d75
> qemu-system-i386: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.
>
> (gdb) bt
> #5 0x00007ffff4e8a3a6 in __GI___assert_fail
> (assertion=0x5555560accbc "s->current", file=0x5555560acc28 "hw/scsi/lsi53c895a.c", line=624, function=0x5555560adb18 "lsi_do_dma") at assert.c:101
> #6 0x0000555555aa33b9 in lsi_do_dma (s=0x555557805ac0, out=1) at hw/scsi/lsi53c895a.c:624
> #7 0x0000555555aa5042 in lsi_execute_script (s=0x555557805ac0) at hw/scsi/lsi53c895a.c:1250
> #8 0x0000555555aa757a in lsi_reg_writeb (s=0x555557805ac0, offset=47, val=255 '\377') at hw/scsi/lsi53c895a.c:1984
> #9 0x0000555555aa875b in lsi_mmio_write (opaque=0x555557805ac0, addr=47, val=255, size=1) at hw/scsi/lsi53c895a.c:2095
>
> Cc: qemu-stable@nongnu.org
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Vadim Rozenfeld <vrozenfe@redhat.com>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Reported-by: Jérôme Poulin <jeromepoulin@gmail.com>
> Reported-by: Ruhr-University <bugs-syssec@rub.de>
> Reported-by: Gaoning Pan <pgn@zju.edu.cn>
> Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
> Fixes: b96a0da06bd ("lsi: move dma_len+dma_buf into lsi_request")
> BugLink: https://bugs.launchpad.net/qemu/+bug/697510
> BugLink: https://bugs.launchpad.net/qemu/+bug/1905521
> BugLink: https://bugs.launchpad.net/qemu/+bug/1908515
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/84
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/305
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/552
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/scsi/lsi53c895a.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
> index 85e907a7854..4c431adb774 100644
> --- a/hw/scsi/lsi53c895a.c
> +++ b/hw/scsi/lsi53c895a.c
> @@ -621,8 +621,7 @@ static void lsi_do_dma(LSIState *s, int out)
> dma_addr_t addr;
> SCSIDevice *dev;
>
> - assert(s->current);
> - if (!s->current->dma_len) {
> + if (!s->current || !s->current->dma_len) {
> /* Wait until data is available. */
> trace_lsi_do_dma_unavailable();
> return;
>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH-for-6.2 2/2] tests/qtest: Add fuzz-lsi53c895a-test
2021-11-23 11:17 ` [PATCH-for-6.2 2/2] tests/qtest: Add fuzz-lsi53c895a-test Philippe Mathieu-Daudé
@ 2021-11-23 11:32 ` Laurent Vivier
0 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2021-11-23 11:32 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Thomas Huth, Alexander Bulekov, Qiuhao Li,
Darren Kenny, Bandan Das, Vadim Rozenfeld, Stefan Hajnoczi,
Paolo Bonzini, Gerd Hoffmann
On 23/11/2021 12:17, Philippe Mathieu-Daudé wrote:
> Without the previous commit, this test triggers:
>
> $ make check-qtest-x86_64
> [...]
> Running test qtest-x86_64/fuzz-lsi53c895a-test
> qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.
> ERROR qtest-x86_64/fuzz-lsi53c895a-test - too few tests run (expected 1, got 0)
>
> Suggested-by: Alexander Bulekov <alxndr@bu.edu>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> tests/qtest/fuzz-lsi53c895a-test.c | 52 ++++++++++++++++++++++++++++++
> MAINTAINERS | 1 +
> tests/qtest/meson.build | 1 +
> 3 files changed, 54 insertions(+)
> create mode 100644 tests/qtest/fuzz-lsi53c895a-test.c
>
> diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c
> new file mode 100644
> index 00000000000..ba5d468970c
> --- /dev/null
> +++ b/tests/qtest/fuzz-lsi53c895a-test.c
> @@ -0,0 +1,52 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * QTest fuzzer-generated testcase for LSI53C895A device
> + *
> + * Copyright (c) Red Hat
> + */
> +
> +#include "qemu/osdep.h"
> +#include "libqos/libqtest.h"
> +
> +/*
> + * This used to trigger the assert in lsi_do_dma()
> + * https://bugs.launchpad.net/qemu/+bug/697510
> + * https://bugs.launchpad.net/qemu/+bug/1905521
> + * https://bugs.launchpad.net/qemu/+bug/1908515
> + */
> +static void test_lsi_do_dma_empty_queue(void)
> +{
> + QTestState *s;
> +
> + s = qtest_init("-M q35 -nographic -monitor none -serial none "
> + "-drive if=none,id=drive0,"
> + "file=null-co://,file.read-zeroes=on,format=raw "
> + "-device lsi53c895a,id=scsi0 "
> + "-device scsi-hd,drive=drive0,"
> + "bus=scsi0.0,channel=0,scsi-id=0,lun=0");
> + qtest_outl(s, 0xcf8, 0x80001814);
> + qtest_outl(s, 0xcfc, 0xe1068000);
> + qtest_outl(s, 0xcf8, 0x80001818);
> + qtest_outl(s, 0xcf8, 0x80001804);
> + qtest_outw(s, 0xcfc, 0x7);
> + qtest_outl(s, 0xcf8, 0x80002010);
> +
> + qtest_writeb(s, 0xe106802e, 0xff); /* Fill DSP bits 16-23 */
> + qtest_writeb(s, 0xe106802f, 0xff); /* Fill DSP bits 24-31: trigger SCRIPT */
> +
> + qtest_quit(s);
> +}
> +
> +int main(int argc, char **argv)
> +{
> + const char *arch = qtest_get_arch();
> +
> + g_test_init(&argc, &argv, NULL);
> +
> + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
> + qtest_add_func("fuzz/lsi53c895a/lsi_do_dma_empty_queue",
> + test_lsi_do_dma_empty_queue);
> + }
> +
> + return g_test_run();
> +}
> diff --git a/MAINTAINERS b/MAINTAINERS
> index d3879aa3c12..3c0f76b7801 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1825,6 +1825,7 @@ F: hw/scsi/*
> F: tests/qtest/virtio-scsi-test.c
> F: tests/qtest/fuzz-virtio-scsi-test.c
> F: tests/qtest/am53c974-test.c
> +F: tests/qtest/fuzz-lsi53c895a-test.c
> T: git https://github.com/bonzini/qemu.git scsi-next
>
> SSI
> diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
> index c9d8458062f..d2ce20d3047 100644
> --- a/tests/qtest/meson.build
> +++ b/tests/qtest/meson.build
> @@ -19,6 +19,7 @@
>
> qtests_generic = \
> (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \
> + (config_all_devices.has_key('CONFIG_LSI_SCSI_PCI') ? ['fuzz-lsi53c895a-test'] : []) + \
> (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \
> (config_all_devices.has_key('CONFIG_SB16') ? ['fuzz-sb16-test'] : []) + \
> (config_all_devices.has_key('CONFIG_SDHCI_PCI') ? ['fuzz-sdcard-test'] : []) + \
>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma()
2021-11-23 11:17 [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() Philippe Mathieu-Daudé
2021-11-23 11:17 ` [PATCH-for-6.2 1/2] hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued Philippe Mathieu-Daudé
2021-11-23 11:17 ` [PATCH-for-6.2 2/2] tests/qtest: Add fuzz-lsi53c895a-test Philippe Mathieu-Daudé
@ 2021-11-23 14:02 ` Paolo Bonzini
2 siblings, 0 replies; 6+ messages in thread
From: Paolo Bonzini @ 2021-11-23 14:02 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Laurent Vivier, Fam Zheng, Thomas Huth, Alexander Bulekov,
Qiuhao Li, Darren Kenny, Bandan Das, Vadim Rozenfeld,
Stefan Hajnoczi, Gerd Hoffmann
On 11/23/21 12:17, Philippe Mathieu-Daudé wrote:
> Trivial fix for this long due bug.
>
> Philippe Mathieu-Daudé (2):
> hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
> tests/qtest: Add fuzz-lsi53c895a-test
>
> hw/scsi/lsi53c895a.c | 3 +-
> tests/qtest/fuzz-lsi53c895a-test.c | 52 ++++++++++++++++++++++++++++++
> MAINTAINERS | 1 +
> tests/qtest/meson.build | 1 +
> 4 files changed, 55 insertions(+), 2 deletions(-)
> create mode 100644 tests/qtest/fuzz-lsi53c895a-test.c
>
Queued, thanks.
Paolo
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-11-23 14:04 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-23 11:17 [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() Philippe Mathieu-Daudé
2021-11-23 11:17 ` [PATCH-for-6.2 1/2] hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued Philippe Mathieu-Daudé
2021-11-23 11:26 ` Laurent Vivier
2021-11-23 11:17 ` [PATCH-for-6.2 2/2] tests/qtest: Add fuzz-lsi53c895a-test Philippe Mathieu-Daudé
2021-11-23 11:32 ` Laurent Vivier
2021-11-23 14:02 ` [PATCH-for-6.2 0/2] hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() Paolo Bonzini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.