scsi: mptsas: infinite loop while fetching requests

The LSI SAS1068 Host Bus Adapter emulator in Qemu, periodically looks for requests and fetches them. A loop doing that in mptsas_fetch_requests() could run infinitely if 's->state' was not operational. Move check to avoid such a loop. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Cc: qemu-stable@nongnu.org Message-Id: <1464077264-25473-1-git-send-email-ppandit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
qemu · May 29, 2016 · 0663055 · 0663055
1 parent 3e831b4
commit 0663055
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
@@ -754,11 +754,6 @@ static void mptsas_fetch_request(MPTSASState *s)
     hwaddr addr;
     int size;
 
-    if (s->state != MPI_IOC_STATE_OPERATIONAL) {
-        mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE);
-        return;
-    }
-
     /* Read the message header from the guest first. */
     addr = s->host_mfa_high_addr | MPTSAS_FIFO_GET(s, request_post);
     pci_dma_read(pci, addr, req, sizeof(hdr));
@@ -789,6 +784,10 @@ static void mptsas_fetch_requests(void *opaque)
 {
     MPTSASState *s = opaque;
 
+    if (s->state != MPI_IOC_STATE_OPERATIONAL) {
+        mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE);
+        return;
+    }
     while (!MPTSAS_FIFO_EMPTY(s, request_post)) {
         mptsas_fetch_request(s);
     }