[Qemu-devel] [PATCH 36/99] ahci: fix PxCI register race
From: Michael Roth
Subject: [Qemu-devel] [PATCH 36/99] ahci: fix PxCI register race
Date: Mon, 23 Jul 2018 15:16:45 -0500
From: John Snow <address@hidden>
Fixes: https://bugs.launchpad.net/qemu/+bug/1769189
AHCI presently signals completion prior to the PxCI register being
cleared to indicate completion. If a guest driver attempts to issue
a new command in its IRQ handler, it might be surprised to learn there
is still a command pending.
In the case of Windows 10's boot driver, it will actually poll the IRQ
register hoping to find out when the command is done running -- which
will never happen, as there isn't a command running.
Fix this: clear PxCI in ahci_cmd_done and not in the asynchronous BH.
Because it now runs synchronously, we don't need to check if the command
is actually done by spying on the ATA registers. We know it's done.
CC: qemu-stable <address@hidden>
Reported-by: François Guerraz <address@hidden>
Tested-by: Bruce Rogers <address@hidden>
Signed-off-by: John Snow <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>
(cherry picked from commit 5694c7eacce6b263ad7497cc1bb76aad746cfd4e)
Signed-off-by: Michael Roth <address@hidden>
---
hw/ide/ahci.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index e22d7be05f..18b9a9c18b 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -532,13 +532,6 @@ static void ahci_check_cmd_bh(void *opaque)
qemu_bh_delete(ad->check_bh);
ad->check_bh = NULL;
- if ((ad->busy_slot != -1) &&
- !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT))) {
- /* no longer busy */
- ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot);
- ad->busy_slot = -1;
- }
-
check_cmd(ad->hba, ad->port_no);
}
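Review bot: With the busy_slot/status block removed, ahci_check_cmd_bh in this hunk only deletes check_bh and calls check_cmd, and nothing here says where PxCI is cleared any more. A short comment above check_cmd(ad->hba, ad->port_no) stating that cmd_issue and busy_slot are now cleared synchronously in ahci_cmd_done would keep a later change from reintroducing the clear in the BH and bringing the race back.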
@@ -1425,6 +1418,12 @@ static void ahci_cmd_done(IDEDMA *dma)
trace_ahci_cmd_done(ad->hba, ad->port_no);
+ /* no longer busy */
+ if (ad->busy_slot != -1) {
+ ad->port_regs.cmd_issue &= ~(1 << ad->busy_slot);
+ ad->busy_slot = -1;
+ }
+
/* update d2h status */
ahci_write_fis_d2h(ad);
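Review bot: The block added to ahci_cmd_done drops the !(ad->port.ifs[0].status & (BUSY_STAT|DRQ_STAT)) guard that the removed code had, so cmd_issue is cleared whenever busy_slot != -1, and the "/* no longer busy */" comment does not say why that is safe. Please expand it to record the invariant from the commit message (this callback only runs once the command is done) and that the clear has to stay ahead of ahci_write_fis_d2h(ad), since that ordering is the whole fix. As a smaller point, 1 << ad->busy_slot is a signed shift; 1U << ad->busy_slot would avoid shifting into the sign bit if busy_slot can be 31.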
--
2.17.1