[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] scsi: do not overwrite memory on REQUEST SENSE comm
From: |
Paolo Bonzini |
Subject: |
[Qemu-devel] [PATCH] scsi: do not overwrite memory on REQUEST SENSE commands with a large buffer |
Date: |
Sun, 14 Aug 2011 14:05:49 -0700 |
Other scsi_target_reqops commands were careful about not using r->cmd.xfer
directly, and instead always cap it to a fixed length. This was not done
for REQUEST SENSE, and this patch fixes it.
Reported-by: Blue Swirl <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
The way you called REQUEST SENSE from OpenBIOS is correct, the
bug is clearly in QEMU. However, I would like to stress that
you do not need to call it. Sense data is automatically
overwritten by the next command, but it is only reported after
a command returned CHECK CONDITION. So, REQUEST SENSE always
gets you information too late. That's why in your case what
you want is TEST UNIT READY. If you want, after each failed
TEST UNIT READY command you _can_ REQUEST SENSE and check that
indeed you're getting a unit attention and not another sense
key, but that's not really necessary.
hw/scsi-bus.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 559d5a4..80d6bf0 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -292,7 +292,8 @@ static int32_t scsi_target_send_command(SCSIRequest *req,
uint8_t *buf)
if (req->cmd.xfer < 4) {
goto illegal_request;
}
- r->len = scsi_device_get_sense(r->req.dev, r->buf, req->cmd.xfer,
+ r->len = scsi_device_get_sense(r->req.dev, r->buf,
+ MIN(req->cmd.xfer, sizeof r->buf),
(req->cmd.buf[1] & 1) == 0);
break;
default:
--
1.7.6
- [Qemu-devel] [PATCH] scsi: do not overwrite memory on REQUEST SENSE commands with a large buffer,
Paolo Bonzini <=