falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

scsi: avoid an off-by-one error in megasas_mmio_write 

While reading magic sequence(MFI_SEQ) in megasas_mmio_write,
an off-by-one error could occur as 's->adp_reset' index is not
reset after reading the last sequence.

Reported-by: YY Z <bigbird475958471@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170424120634.12268-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Prasad J Pandit 2017-04-24 17:36:34 +05:30 committed by Paolo Bonzini
parent aab9e87e7a
commit 24dfa9fa2f
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hw/scsi/megasas.c
View File

@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
case MFI_SEQ:
trace_megasas_mmio_writel("MFI_SEQ", val);
/* Magic sequence to start ADP reset */
if (adp_reset_seq[s->adp_reset] == val) {
s->adp_reset++;
if (adp_reset_seq[s->adp_reset++] == val) {
if (s->adp_reset == 6) {
s->adp_reset = 0;
s->diag = MFI_DIAG_WRITE_ENABLE;
}
} else {
s->adp_reset = 0;
s->diag = 0;
}
if (s->adp_reset == 6) {
s->diag = MFI_DIAG_WRITE_ENABLE;
}
break;
case MFI_DIAG:
trace_megasas_mmio_writel("MFI_DIAG", val);