We're supposed to abort on transfers like this, unless we fill Word 125 of our IDENTIFY data with a default transfer size, which we don't currently do.
This is an ATA error, not a SCSI/ATAPI one. See ATA8-ACS3 sections 7.17.6.49 or 7.21.5. If we don't do this, QEMU will loop forever trying to transfer zero bytes, which isn't particularly useful. Signed-off-by: John Snow <js...@redhat.com> --- hw/ide/atapi.c | 10 +++++++++- hw/ide/core.c | 2 +- hw/ide/internal.h | 1 + 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c index 950e311..1efdefc 100644 --- a/hw/ide/atapi.c +++ b/hw/ide/atapi.c @@ -213,8 +213,16 @@ void ide_atapi_cmd_reply_end(IDEState *s) #ifdef DEBUG_IDE_ATAPI printf("byte_count_limit=%d\n", byte_count_limit); #endif - if (byte_count_limit == 0xffff) + if (byte_count_limit == 0x00) { + /* This command aborts at the /ATA/ level, not the ATAPI level. + * See ATA8 ACS3 section 7.17.6.49 and 7.21.5 */ + ide_abort_command(s); + return; + } else if (byte_count_limit == 0xffff) { + /* ATA8 ACS3 7.21.5 */ byte_count_limit--; + } + size = s->packet_transfer_size; if (size > byte_count_limit) { /* byte count limit must be even if this case */ diff --git a/hw/ide/core.c b/hw/ide/core.c index 122e955..a3a8365 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -457,7 +457,7 @@ BlockAIOCB *ide_issue_trim(BlockBackend *blk, return &iocb->common; } -static inline void ide_abort_command(IDEState *s) +void ide_abort_command(IDEState *s) { ide_transfer_stop(s); s->status = READY_STAT | ERR_STAT; diff --git a/hw/ide/internal.h b/hw/ide/internal.h index 30fdcbc..40e1aa4 100644 --- a/hw/ide/internal.h +++ b/hw/ide/internal.h @@ -537,6 +537,7 @@ void ide_set_sector(IDEState *s, int64_t sector_num); void ide_start_dma(IDEState *s, BlockCompletionFunc *cb); void ide_dma_error(IDEState *s); +void ide_abort_command(IDEState *s); void ide_atapi_cmd_ok(IDEState *s); void ide_atapi_cmd_error(IDEState *s, int sense_key, int asc); -- 2.1.0
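Review bot: in the hw/ide/atapi.c hunk, `byte_count_limit == 0x00` should be written as `== 0` (a hex literal suggests a bit pattern where a plain count is meant), and the new comment would be more useful if it also stated why the abort is the right response here: the commit message says it is because IDENTIFY Word 125 carries no default transfer size, but a reader of the code never sees that reasoning. Suggested wording: `/* A zero byte count limit with no default in IDENTIFY word 125 is an ATA-level abort (ATA8-ACS3 7.17.6.49, 7.21.5), not an ATAPI error. */`. The `/ATA/` emphasis markers are not a convention used elsewhere in this file, and QEMU's style expects the closing `*/` of a multi-line comment on its own line. The early `return` is correct: it runs before `size = s->packet_transfer_size` and the `size > byte_count_limit` comparison, so the `0xffff` decrement branch is left untouched for the normal path.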
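Review bot: the hw/ide/core.c hunk exports `ide_abort_command` by dropping `static inline`, which is fine, but since it now has callers outside this file it should carry a short comment describing the device state it leaves behind (transfer stopped, status `READY_STAT | ERR_STAT`). The visible lines only show the status write; please confirm that the remainder of the function (not in this hunk) also sets the error register to the ATA abort value, because that is what the abort semantics cited in the commit message, and now relied on from the ATAPI path, require.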
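Review bot: the hw/ide/internal.h hunk adds the `ide_abort_command` prototype between `ide_dma_error` and `ide_atapi_cmd_ok` with no documentation; a one-line comment that it aborts the current command at the ATA level (as opposed to `ide_atapi_cmd_error`, which reports a sense key at the ATAPI level) would make the distinction the commit message draws visible at the declaration site, where callers choose between the two.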