[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] scsi-disk: fix crash on VERIFY command
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH] scsi-disk: fix crash on VERIFY command |
Date: |
Tue, 3 Jan 2017 18:18:44 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 |
On 03/01/2017 10:58, Zhang Qian wrote:
>
> At 2017-01-03 17:38:49, Paolo Bonzini <address@hidden> wrote:
>>
>>
>>On 03/01/2017 09:12, Zhang Qian wrote:
>>> yes, you are right.
>>> The scenarios of problem is
>>> a scsi-disk object receives VERIFY command with BYTCHK bit being zero,
>>> scsi_block_is_passthrough returns false and finally scsi-block uses
>>> scsi_disk_dma_command for
>>> VERIFY. So the mode is set to SCSI_XFER_NONE.
>>> In scsi_req_continue, scsi_read_data function is called.
>>
>>Uhm, is the fix simply
>>
>>diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
>>index bdd1e5f..c080888 100644
>>--- a/hw/scsi/scsi-disk.c
>>+++ b/hw/scsi/scsi-disk.c
>>@@ -2701,7 +2701,7 @@ static bool scsi_block_is_passthrough(SCSIDiskState *s,
>>uint8_t *buf)
>> * for the number of logical blocks specified in the length
>> * field). For other modes, do not use scatter/gather operation.
>> */
>>- if ((buf[1] & 6) != 2) {
>>+ if ((buf[1] & 6) == 2) {
>> return false;
>> }
>> break;
>>
>>then?
> I verified your patch, it is ok.
>
> but why not use (buf[1] & 2) == 2 ?
Isn't BYTCHK bits 1 and 2?
Paolo