git.ipfire.org Git - thirdparty/qemu.git/commit
hw/ide/ahci: fix broken SError handling
author Niklas Cassel <niklas.cassel@wdc.com>
Fri, 9 Jun 2023 14:08:44 +0000 (16:08 +0200)
committer Michael Tokarev <mjt@tls.msk.ru>
Sun, 10 Sep 2023 16:40:11 +0000 (19:40 +0300)
commit 4f6c55371743ba9d6512fcf4a88a5b5b8936037e
tree 1fae817e02e4ae9d643824a87d2d09ef5eb8ef67
parent 9c7e2253eba2e057f11377beb64dd78d12a1e27d
hw/ide/ahci: fix broken SError handling

When encountering an NCQ error, you should not write the NCQ tag to the
SError register. This is completely wrong.

The SError register has a clear definition, where each bit represents a
different error, see PxSERR definition in AHCI 1.3.1.

If we write a random value (like the NCQ tag) in SError, e.g. Linux will
read SError, and will trigger arbitrary error handling depending on the
NCQ tag that happened to be executing.

In case of success, ncq_cb() will call ncq_finish().
In case of error, ncq_cb() will call ncq_err() (which will clear
ncq_tfs->used), and then call ncq_finish(), thus using ncq_tfs->used is
sufficient to tell if finished should get set or not.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230609140844.202795-9-nks@flawful.org
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 9f89423537653de07ca40c18b5ff5b70b104cc93)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
hw/ide/ahci.c
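
An added example (not QEMU's code and not part of the commit): a decoder for the PxSERR bit layout in AHCI 1.3.1, run over tag-derived values to show how the error a guest reads would change with whichever NCQ tag was in flight. The function names are hypothetical, and modelling the tag as the one-hot value `1 << tag` is an assumption, since this page does not show the code that was removed.

```c
#include <stdint.h>
#include <stdio.h>

/* PxSERR bit meanings (AHCI 1.3.1, section 3.3.10). NULL entries are reserved bits. */
static const char *const serr_names[32] = {
    [0]  = "ERR.I  recovered data integrity error",
    [1]  = "ERR.M  recovered communications error",
    [8]  = "ERR.T  transient data integrity error",
    [9]  = "ERR.C  persistent communication or data integrity error",
    [10] = "ERR.P  protocol error",
    [11] = "ERR.E  internal error",
    [16] = "DIAG.N PhyRdy change",
    [17] = "DIAG.I Phy internal error",
    [18] = "DIAG.W comm wake",
    [19] = "DIAG.B 10B to 8B decode error",
    [20] = "DIAG.D disparity error",
    [21] = "DIAG.C CRC error",
    [22] = "DIAG.H handshake error",
    [23] = "DIAG.S link sequence error",
    [24] = "DIAG.T transport state transition error",
    [25] = "DIAG.F unknown FIS type",
    [26] = "DIAG.X exchanged",
};

/* Name of one PxSERR bit, or NULL if the bit is reserved (hypothetical helper). */
const char *serr_bit_name(unsigned bit)
{
    return bit < 32 ? serr_names[bit] : NULL;
}

/* Subset of `value` that lands on defined error bits, i.e. what a driver acts on. */
uint32_t serr_defined_bits(uint32_t value)
{
    uint32_t out = 0;
    for (unsigned bit = 0; bit < 32; bit++)
        if ((value & (UINT32_C(1) << bit)) && serr_names[bit])
            out |= UINT32_C(1) << bit;
    return out;
}

int main(void)
{
    /* Constructed input: every NCQ tag, modelled (assumption) as a one-hot value. */
    for (unsigned tag = 0; tag < 32; tag++) {
        const char *name = serr_bit_name(tag);
        printf("tag %2u -> PxSERR 0x%08x: %s\n", tag, 1u << tag,
               name ? name : "(reserved bit)");
    }
    return 0;
}
```

Under that model, 19 of the 32 possible tags land on a defined error bit, so the same failed command would be reported to the guest as a different link or protocol fault depending only on its tag.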