From: Paolo Bonzini <pbonzini@redhat.com>
To: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] SCSI: improve the lba-out-of-range tests for read/write/verify
Date: Thu, 12 Jul 2012 09:04:58 +0200 [thread overview]
Message-ID: <4FFE771A.7030503@redhat.com> (raw)
In-Reply-To: <1342075967-26378-2-git-send-email-ronniesahlberg@gmail.com>
Il 12/07/2012 08:52, Ronnie Sahlberg ha scritto:
> Improve the tests for the LBA to cover more cases, the new test looks like this
> if (r->req.cmd.lba > r->req.cmd.lba + len
> || r->req.cmd.lba + len > s->qdev.max_lba) {
>
> For the 16 byte opcodes, the lba is a uint64, so the first check is to make sure that we do not wrap.
> For example if an opcode would specify the LBA:0xffffffffffffffff and LEN:2
> then lba+len would wrap to 1.
>
> The second part of the test is to verify that ALL requested blocks are available, not just the first one.
Fixed code style for || and applied to scsi-next.
Thanks!
Paolo
> Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
> ---
> hw/scsi-disk.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
> index b2f3c0c..40c05de 100644
> --- a/hw/scsi-disk.c
> +++ b/hw/scsi-disk.c
> @@ -1558,7 +1558,8 @@ static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
> if (r->req.cmd.buf[1] & 0xe0) {
> goto fail;
> }
> - if (r->req.cmd.lba > s->qdev.max_lba) {
> + if (r->req.cmd.lba > r->req.cmd.lba + len
> + || r->req.cmd.lba + len > s->qdev.max_lba) {
> goto illegal_lba;
> }
> r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
> @@ -1581,7 +1582,8 @@ static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
> if (r->req.cmd.buf[1] & 0xe0) {
> goto fail;
> }
> - if (r->req.cmd.lba > s->qdev.max_lba) {
> + if (r->req.cmd.lba > r->req.cmd.lba + len
> + || r->req.cmd.lba + len > s->qdev.max_lba) {
> goto illegal_lba;
> }
> r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
>
next prev parent reply other threads:[~2012-07-12 7:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-12 6:52 [Qemu-devel] [PATCH] SCSI improved LBA-out-of-range checks Ronnie Sahlberg
2012-07-12 6:52 ` [Qemu-devel] [PATCH] SCSI: improve the lba-out-of-range tests for read/write/verify Ronnie Sahlberg
2012-07-12 7:04 ` Paolo Bonzini [this message]
2012-07-12 7:06 ` ronnie sahlberg
2012-07-12 7:15 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FFE771A.7030503@redhat.com \
--to=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=ronniesahlberg@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.