On Fri, Jan 12, 2024 at 01:15:26PM +0000, Mark Cave-Ayland wrote:
> The current code in esp_pci_dma_memory_rw() sets the DMA address to the value
> of the DMA_SPA (Starting Physical Address) register which is incorrect: this
> means that for each callback from the SCSI layer the DMA address is set back
> to the starting address.
>
> In the case where only a single SCSI callback occurs (currently for transfer
> lengths < 128kB) this works fine, however for larger transfers the DMA address
> wraps back to the initial starting address, corrupting the buffer holding the
> data transferred to the guest.
>
> Fix esp_pci_dma_memory_rw() to use the DMA_WAC (Working Address Counter) for
> the DMA address which is correctly incremented across multiple SCSI layer
> transfers.
>
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Guenter Roeck <li...@roeck-us.net>
Tested-by: Guenter Roeck <li...@roeck-us.net>
> ---
> hw/scsi/esp-pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/scsi/esp-pci.c b/hw/scsi/esp-pci.c
> index 93b3429e0f..7117725371 100644
> --- a/hw/scsi/esp-pci.c
> +++ b/hw/scsi/esp-pci.c
> @@ -275,7 +275,7 @@ static void esp_pci_dma_memory_rw(PCIESPState *pci,
> uint8_t *buf, int len,
> qemu_log_mask(LOG_UNIMP, "am53c974: MDL transfer not implemented\n");
> }
>
> - addr = pci->dma_regs[DMA_SPA];
> + addr = pci->dma_regs[DMA_WAC];
> if (pci->dma_regs[DMA_WBC] < len) {
> len = pci->dma_regs[DMA_WBC];
> }
> --
> 2.39.2
>
