On 210407 1404, Mark Cave-Ayland wrote:
>
> Even though I can't reproduce the assert() here, looking at the code I think
> I can see how do_cmd is not being reset when a DMA command is issued. Does
> the following solve the outstanding fuzzer asserts?

Hi Mark,

I guess there must have been something timing-sensitive in the reproducer... Too bad it didn't work.

>
> diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
> index 0037197bdb..b668acef82 100644
> --- a/hw/scsi/esp.c
> +++ b/hw/scsi/esp.c
> @@ -357,6 +357,7 @@ static void handle_satn(ESPState *s)
> cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
> if (cmdlen > 0) {
> s->cmdfifo_cdb_offset = 1;
> + s->do_cmd = 0;
> do_cmd(s);
> } else if (cmdlen == 0) {
> s->do_cmd = 1;
> @@ -390,6 +391,7 @@ static void handle_s_without_atn(ESPState *s)
> cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
> if (cmdlen > 0) {
> s->cmdfifo_cdb_offset = 0;
> + s->do_cmd = 0;
> do_busid_cmd(s, 0);
> } else if (cmdlen == 0) {
> s->do_cmd = 1;
>

With this applied, I don't see either of those asserts anymore. Thank you!

-Alex

>
> ATB,
>
> Mark.
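Review bot: in the handle_satn hunk, the `cmdlen < 0` case falls through both branches, so `s->do_cmd` keeps whatever value a previous command left on that path; worth confirming that is intended. A short comment above the new `s->do_cmd = 0;` explaining why the flag must be cleared before `do_cmd(s)` (the `cmdlen == 0` branch sets it to 1 for a command that arrives later via DMA, and nothing visible here clears it otherwise) would make the fix easier to follow for the next reader.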
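Review bot: the handle_s_without_atn hunk repeats the exact reset added to handle_satn, so the two callers now carry a duplicated assignment; clearing the flag once in the common path (for example at the point where `get_cmd()` returns a non-zero length, or at the top of `do_cmd()`/`do_busid_cmd()`) would cover any other caller that consumes the command FIFO the same way. Since the change is validated against fuzzer-found asserts, a qtest reproducer alongside the fix would also keep it from regressing.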