From: Mark Cave-Ayland Date: Fri, 12 Jan 2024 12:53:21 +0000 (+0000) Subject: esp.c: fix premature end of phase logic esp_command_complete X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=cb9881999dead51723bc5eb6d6fc2837f9345920;p=qemu.git esp.c: fix premature end of phase logic esp_command_complete There are two cases here: the first is when the TI command underflows, in which case we raise INTR_BS to indicate an early change of phase, and the second is when the TI command overflows because the host requested a transfer for more data than is available. In the latter case force TC to zero so that the TI completion logic executes correctly. Signed-off-by: Mark Cave-Ayland Tested-by: Helge Deller Tested-by: Thomas Huth Message-Id: <20240112125420.514425-30-mark.cave-ayland@ilande.co.uk> Signed-off-by: Mark Cave-Ayland
---
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index f20026c3dc..c6151d306e 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -887,7 +887,6 @@ void esp_command_complete(SCSIRequest *req, size_t resid)
 if (s->ti_size != 0) {
 trace_esp_command_complete_unexpected();
 }
- s->ti_size = 0;
 }
 s->async_len = 0;
@@ -897,13 +896,26 @@ void esp_command_complete(SCSIRequest *req, size_t resid)
 s->status = req->status;
 /*
- * If the transfer is finished, switch to status phase. For non-DMA
- * transfers from the target the last byte is still in the FIFO
+ * Switch to status phase. For non-DMA transfers from the target the last
+ * byte is still in the FIFO
 */
+ esp_set_phase(s, STAT_ST);
 if (s->ti_size == 0) {
- esp_set_phase(s, STAT_ST);
+ /*
+ * Transfer complete: force TC to zero just in case a TI command was
+ * requested for more data than the command returns (Solaris 8 does
+ * this)
+ */
+ esp_set_tc(s, 0);
 esp_dma_done(s);
- esp_lower_drq(s);
+ } else {
+ /*
+ * Transfer truncated: raise INTR_BS to indicate early change of
+ * phase
+ */
+ s->rregs[ESP_RINTR] |= INTR_BS;
+ esp_raise_irq(s);
+ s->ti_size = 0;
 }
 if (s->current_req) {
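Review bot: In the second hunk the new `else` branch treats every non-zero `s->ti_size` as a truncated transfer, yet the retained comment above it still says that for non-DMA transfers from the target the last byte is still in the FIFO, which used to be the reason the phase switch was conditional. With `esp_set_phase(s, STAT_ST)` now unconditional, that sentence no longer explains anything, and the code does not show whether a non-DMA read with a byte pending in the FIFO also takes the `else` path, gets `INTR_BS` and has `ti_size` cleared. If that is intended, the `else` comment should say so, for example `/* ti_size != 0: TI underflow; also reached for non-DMA reads with a byte left in the FIFO */`; otherwise the branch needs a guard. Because the transfer length comes from the guest, it is also worth a one-line comment on why the `else` path needs neither `esp_dma_done(s)` nor a DRQ lower now that `esp_lower_drq(s)` is removed. The body of esp_command_complete starts and ends outside the hunk.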