ide_dma_cb: Assertion `prep_size >= 0 && prep_size <= n * 512' failed.

ACK. I do not have time to fix this bug at the moment under the belief that it's likely low-priority and only "misbehaving guests" can trigger it. Some advice:

1. Do not use IDE in production deployments after initial installation, if you can help it. Use a performant virtio solution.

2. If anyone would like to fix this problem, I will be more than happy to point you to the exact lines of code that cause the problem. I think the fix will be easy, but testing will be time-consuming as it involves understanding error behavior of real hardware that I don't personally have the setup to quickly test or verify.

From memory: the problem is that ide_dma_cb expects that it was able to prepare at least one sector's worth of scatter-gather list to begin DMA, but it's possible to give malformed SG lists where IDE is unable to process the remainder of a sector in a list.

It was not clear to me at the time when I first investigated this what a real controller would do if it got an incomplete sector and how it should signal that.

It was also not clear to me if the sg_prepare function for the pci bmdma controller would ever encounter a situation where further entries in the list might be received "later" and we should "wait" for them.

If this bug is more dangerous than a self-inflicted DOS, please let me know and I'll re-prioritize. Patches, email and IRC chats welcome.

--js