esp: ensure that do_cmd is set to zero before submitting an ESP select command
When a CDB has been received and is about to be submitted to the SCSI layer via one of the ESP select commands, ensure that do_cmd is set to zero before executing the command. Otherwise a guest executing 2 valid CDBs in quick sequence can invoke the SCSI .transfer_data callback again before do_cmd is set to zero by the callback function, triggering an assert at the start of esp_transfer_data(). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210407195801.685-12-mark.cave-ayland@ilande.co.uk>
parent
324c880989
commit
607206948c
|
@ -357,6 +357,7 @@ static void handle_satn(ESPState *s)
|
||||||
cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
|
cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
|
||||||
if (cmdlen > 0) {
|
if (cmdlen > 0) {
|
||||||
s->cmdfifo_cdb_offset = 1;
|
s->cmdfifo_cdb_offset = 1;
|
||||||
|
s->do_cmd = 0;
|
||||||
do_cmd(s);
|
do_cmd(s);
|
||||||
} else if (cmdlen == 0) {
|
} else if (cmdlen == 0) {
|
||||||
s->do_cmd = 1;
|
s->do_cmd = 1;
|
||||||
|
@ -390,6 +391,7 @@ static void handle_s_without_atn(ESPState *s)
|
||||||
cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
|
cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
|
||||||
if (cmdlen > 0) {
|
if (cmdlen > 0) {
|
||||||
s->cmdfifo_cdb_offset = 0;
|
s->cmdfifo_cdb_offset = 0;
|
||||||
|
s->do_cmd = 0;
|
||||||
do_busid_cmd(s, 0);
|
do_busid_cmd(s, 0);
|
||||||
} else if (cmdlen == 0) {
|
} else if (cmdlen == 0) {
|
||||||
s->do_cmd = 1;
|
s->do_cmd = 1;
|
||||||
|
|
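Review bot: The added `s->do_cmd = 0;` in handle_satn() has no comment, and the same bare assignment is repeated before `do_busid_cmd(s, 0);` in handle_s_without_atn(). Nothing in the code records that the ordering matters, so a later cleanup could move or drop it. Because the commit message describes a guest-reachable assert in esp_transfer_data(), which would abort the emulator, I would put `/* Clear do_cmd before submitting: .transfer_data may run before the callback resets it */` above both assignments. Any other path that submits a CDB would presumably need the same reset; that cannot be confirmed from these hunks, since both function bodies start and end outside them. A regression test that issues two valid CDBs back to back would stop the assert from silently coming back.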