From: Stefan Weil <sw@weilnetz.de>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 02/14] scsi: prevent data transfer overflow
Date: Fri, 04 May 2012 18:28:45 +0200
Message-ID: <4FA403BD.2050309@weilnetz.de>
In-Reply-To: <1336121154-26517-3-git-send-email-pbonzini@redhat.com>

On 04.05.2012 10:45, Paolo Bonzini wrote:
> Avoid sending more than 2GB of data, as that can cause overflows
> in int32_t variables.
>
> Signed-off-by: Paolo Bonzini<pbonzini@redhat.com>
> ---
>   hw/scsi-bus.c |   38 ++++++++++++++++++++++++++------------
>   1 file changed, 26 insertions(+), 12 deletions(-)
>
> diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
> index dbdb99c..c29a4ae 100644
> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -239,6 +239,18 @@ int scsi_bus_legacy_handle_cmdline(SCSIBus *bus)
>       return res;
>   }
>
> +static int32_t scsi_invalid_field(SCSIRequest *req, uint8_t *buf)
> +{
> +    scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
> +    scsi_req_complete(req, CHECK_CONDITION);
> +    return 0;
> +}
> +
> +static const struct SCSIReqOps reqops_invalid_field = {
> +    .size         = sizeof(SCSIRequest),
> +    .send_command = scsi_invalid_field
> +};
> +
>   /* SCSIReqOps implementation for invalid commands.  */
>
>   static int32_t scsi_invalid_command(SCSIRequest *req, uint8_t *buf)
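
Review bot: scsi_invalid_field() and reqops_invalid_field are added without a header comment, while the block right below them is introduced by "/* SCSIReqOps implementation for invalid commands.  */". A matching one-line comment above the new function, saying it completes the request with CHECK_CONDITION and INVALID_FIELD sense, would keep the two implementations easy to tell apart.
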
> @@ -517,18 +529,20 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
>                                         cmd.lba);
>           }
>
> -        if ((d->unit_attention.key == UNIT_ATTENTION ||
> -             bus->unit_attention.key == UNIT_ATTENTION)&&
> -            (buf[0] != INQUIRY&&
> -             buf[0] != REPORT_LUNS&&
> -             buf[0] != GET_CONFIGURATION&&
> -             buf[0] != GET_EVENT_STATUS_NOTIFICATION&&
> -
> -             /*
> -              * If we already have a pending unit attention condition,
> -              * report this one before triggering another one.
> -              */
> -             !(buf[0] == REQUEST_SENSE&&  d->sense_is_ua))) {
> +        if (cmd.xfer>  INT32_MAX) {
> +            req = scsi_req_alloc(&reqops_invalid_field, d, tag, lun, hba_private);

WARNING: line over 80 characters
#54: FILE: hw/scsi-bus.c:533:
+            req = scsi_req_alloc(&reqops_invalid_field, d, tag, lun, 
hba_private);

total: 0 errors, 1 warnings, 50 lines checked

0002-scsi-prevent-data-transfer-overflow.patch has style problems, 
please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.


> +        } else if ((d->unit_attention.key == UNIT_ATTENTION ||
> +                   bus->unit_attention.key == UNIT_ATTENTION)&&
> +                  (buf[0] != INQUIRY&&
> +                   buf[0] != REPORT_LUNS&&
> +                   buf[0] != GET_CONFIGURATION&&
> +                   buf[0] != GET_EVENT_STATUS_NOTIFICATION&&
> +
> +                   /*
> +                    * If we already have a pending unit attention condition,
> +                    * report this one before triggering another one.
> +                    */
> +                   !(buf[0] == REQUEST_SENSE&&  d->sense_is_ua))) {
>               req = scsi_req_alloc(&reqops_unit_attention, d, tag, lun,
>                                    hba_private);
>           } else if (lun != d->lun ||
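
Review bot: the new `cmd.xfer > INT32_MAX` test sits first in the if/else chain, ahead of the unit attention branch, so an oversized transfer sent while a unit attention is pending is completed with INVALID_FIELD and the unit attention is not reported for that command. If that ordering is intended, a short comment on the new branch would make it explicit. The comparison can also only be true if cmd.xfer is unsigned or wider than int32_t, which is not visible in this hunk and is worth confirming. The scsi_req_alloc() call in that branch can be wrapped after `lun,` like the unit attention call below it to stay within 80 columns.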
