svn commit: r256926 - head/usr.sbin/bhyve

Peter Grehan grehan at FreeBSD.org
Tue Oct 22 19:55:05 UTC 2013


Author: grehan
Date: Tue Oct 22 19:55:04 2013
New Revision: 256926
URL: http://svnweb.freebsd.org/changeset/base/256926

Log:
  Fix AHCI ATAPI emulation when backed with /dev/cd0
  
  - remove assumption that the backing file/device had
    512-byte sectors
  - fix incorrect iovec size variable that would result
    in a buffer overrun when an o/s issued an i/o request
    with more s/g elements than the blockif api
  
  Reviewed by:	Zhixiang Yu (zxyu.core at gmail.com)
  MFC after:	3 days

Modified:
  head/usr.sbin/bhyve/pci_ahci.c

Modified: head/usr.sbin/bhyve/pci_ahci.c
==============================================================================
--- head/usr.sbin/bhyve/pci_ahci.c	Tue Oct 22 19:53:52 2013	(r256925)
+++ head/usr.sbin/bhyve/pci_ahci.c	Tue Oct 22 19:55:04 2013	(r256926)
@@ -663,8 +663,7 @@ atapi_read_capacity(struct ahci_port *p,
 	uint8_t buf[8];
 	uint64_t sectors;
 
-	sectors = blockif_size(p->bctx) / blockif_sectsz(p->bctx);
-	sectors >>= 2;
+	sectors = blockif_size(p->bctx) / 2048;
 	be32enc(buf, sectors - 1);
 	be32enc(buf + 4, 2048);
 	cfis[4] = (cfis[4] & ~7) | ATA_I_CMD | ATA_I_IN;
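Review bot: in atapi_read_capacity() the literal 2048 now appears twice, once in the division and once in be32enc(buf + 4, 2048), so a named constant for the ATAPI block size would keep the two from drifting apart. Separately, `sectors` is a uint64_t and `sectors - 1` is passed to be32enc() with no check: if blockif_size(p->bctx) is less than 2048 the count is 0 and the subtraction wraps, and a large count is silently truncated to 32 bits. A guard for the zero case before encoding would make the reported capacity well defined.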
@@ -908,9 +907,9 @@ atapi_read(struct ahci_port *p, int slot
 	/*
 	 * Build up the iovec based on the prdt
 	 */
-	for (i = 0; i < hdr->prdtl; i++) {
+	for (i = 0; i < iovcnt; i++) {
 		breq->br_iov[i].iov_base = paddr_guest2host(ahci_ctx(sc),
-				prdt->dba, prdt->dbc + 1);
+		    prdt->dba, prdt->dbc + 1);
 		breq->br_iov[i].iov_len = prdt->dbc + 1;
 		aior->done += (prdt->dbc + 1);
 		prdt++;
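Review bot: the loop in atapi_read() is now bounded by iovcnt, but nothing in this hunk shows where iovcnt is limited to the number of entries in breq->br_iov, and that limit is the whole fix for the overrun named in the log. A short comment at the loop, or an assertion on iovcnt against the array size, would keep the invariant visible to the next person who edits it. In the same lines, the result of paddr_guest2host() is stored in iov_base without being checked, and prdt->dba and prdt->dbc come from the guest's PRD table, so a check on that return value belongs here too. The re-indentation of the continuation line is unrelated to the fix and would be cleaner as its own change.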

