From 4773a5f35b0d83674f92816a226a594b03bbcf60 Mon Sep 17 00:00:00 2001 From: Li Qiang Date: Sat, 15 Aug 2020 07:19:40 -0700 Subject: [PATCH] hw: megasas: consider 'iov_count=0' is an error in megasas_map_sgl Currently in 'megasas_map_sgl' when 'iov_count=0' will just return success however the 'cmd' doens't contain any iov. This will cause the assert in 'scsi_dma_complete' failed. This is because in 'dma_blk_cb' the 'dbs->sg_cur_index == dbs->sg->nsg' will be true and just call 'dma_complete'. However now there is no aiocb returned. This fixes the LP#1878263: -->https://bugs.launchpad.net/qemu/+bug/1878263 Reported-by: Alexander Bulekov Signed-off-by: Li Qiang Message-Id: <20200815141940.44025-3-liq3ea@163.com> Signed-off-by: Paolo Bonzini --- hw/scsi/megasas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index 4cc709d2c6..e24c12d7ee 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -277,7 +277,7 @@ static int megasas_map_sgl(MegasasState *s, MegasasCmd *cmd, union mfi_sgl *sgl) cmd->flags = le16_to_cpu(cmd->frame->header.flags); iov_count = cmd->frame->header.sge_count; - if (iov_count > MEGASAS_MAX_SGE) { + if (!iov_count || iov_count > MEGASAS_MAX_SGE) { trace_megasas_iovec_sgl_overflow(cmd->index, iov_count, MEGASAS_MAX_SGE); return -1;