Author: grehan
Date: Tue Oct 22 19:55:04 2013
New Revision: 256926
URL: http://svnweb.freebsd.org/changeset/base/256926
Log:
Fix AHCI ATAPI emulation when backed with /dev/cd0
- remove assumption that the backing file/device had
512-byte sectors
- fix incorrect iovec size variable that would result
in a buffer overrun when an o/s issued an i/o request
with more s/g elements than the blockif api
Reviewed by: Zhixiang Yu (zxyu.c...@gmail.com)
MFC after: 3 days
Modified:
head/usr.sbin/bhyve/pci_ahci.c
Modified: head/usr.sbin/bhyve/pci_ahci.c
==============================================================================
--- head/usr.sbin/bhyve/pci_ahci.c Tue Oct 22 19:53:52 2013
(r256925)
+++ head/usr.sbin/bhyve/pci_ahci.c Tue Oct 22 19:55:04 2013
(r256926)
@@ -663,8 +663,7 @@ atapi_read_capacity(struct ahci_port *p,
uint8_t buf[8];
uint64_t sectors;
- sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx);
- sectors >>= 2;
+ sectors = blockif_size(p->bctx) / 2048;
be32enc(buf, sectors - 1);
be32enc(buf + 4, 2048);
cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN;
@@ -908,9 +907,9 @@ atapi_read(struct ahci_port *p, int slot
/*
* Build up the iovec based on the prdt
*/
- for (i = 0; i < hdr->prdtl; i++) {
+ for (i = 0; i < iovcnt; i++) {
breq->br_iov[i].iov_base = paddr_guest2host(ahci_ctx(sc),
- prdt->dba, prdt->dbc + 1);
+ prdt->dba, prdt->dbc + 1);
breq->br_iov[i].iov_len = prdt->dbc + 1;
aior->done += (prdt->dbc + 1);
prdt++;
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
