scsi: avoid an off-by-one error in megasas_mmio_write

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

While reading magic sequence(MFI_SEQ) in megasas_mmio_write,
an off-by-one error could occur as 's->adp_reset' index is not
reset after reading the last sequence.

Reported-by: YY Z <bigbird475958471@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170424120634.12268-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

authored by

Prasad J Pandit and committed by

Paolo Bonzini 8 years ago 24dfa9fa aab9e87e

+5 -5

1 changed file

expand all

scsi

megasas.c

+5 -5

hw/scsi/megasas.c

··· 2138 2138 case MFI_SEQ: 2139 2139 trace_megasas_mmio_writel("MFI_SEQ", val); 2140 2140 /* Magic sequence to start ADP reset */ 2141 - if (adp_reset_seq[s->adp_reset] == val) { 2142 - s->adp_reset++; 2141 + if (adp_reset_seq[s->adp_reset++] == val) { 2142 + if (s->adp_reset == 6) { 2143 + s->adp_reset = 0; 2144 + s->diag = MFI_DIAG_WRITE_ENABLE; 2145 + } 2143 2146 } else { 2144 2147 s->adp_reset = 0; 2145 2148 s->diag = 0; 2146 - } 2147 - if (s->adp_reset == 6) { 2148 - s->diag = MFI_DIAG_WRITE_ENABLE; 2149 2149 } 2150 2150 break; 2151 2151 case MFI_DIAG: