The fix utilizes the existing policy QEMU has about short PRDs, and considers the transfers that cause the crash as generated through short PRDs.
It
 - continues to allow QEMU to support multiple calls to prepare_buf/ide_dma_cb,
 - so, continues to keep QEMU free from needing the entire sglist in one go;
 - avoids the crash;
 - but, treats the affected transfers as short, instead of allowing them to continue.

Amol Surati (1):
  ide/hw/core: fix crash on processing a partial-sector-size DMA xfer

John Snow (1):
  tests/ide-test: test case for crash when processing short PRDs

 hw/ide/core.c    |  5 ++++-
 tests/ide-test.c | 28 ++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

-- 
2.17.1