From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=56453 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PUrRn-0004qM-8P
	for qemu-devel@nongnu.org; Mon, 20 Dec 2010 20:55:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <benh@kernel.crashing.org>) id 1PUrRm-0003dh-Af
	for qemu-devel@nongnu.org; Mon, 20 Dec 2010 20:55:27 -0500
Received: from gate.crashing.org ([63.228.1.57]:37797)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <benh@kernel.crashing.org>) id 1PUrRm-0003dZ-3B
	for qemu-devel@nongnu.org; Mon, 20 Dec 2010 20:55:26 -0500
Subject: Re: [Qemu-devel] Re: [PATCH] scsi-generic: bugfixes for
	'SCSIRequest' conversion
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
In-Reply-To: <1290595993.2509.8.camel@haakon2.linux-iscsi.org>
References: <1290586723-8724-1-git-send-email-nab@linux-iscsi.org>
	<4CECD36E.50401@suse.de> <4CECD50F.9060501@redhat.com>
	<4CECE609.7080600@suse.de>
	<1290595993.2509.8.camel@haakon2.linux-iscsi.org>
Content-Type: text/plain; charset="UTF-8"
Date: Tue, 21 Dec 2010 12:49:56 +1100
Message-ID: <1292896196.16694.652.camel@pasglop>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Cc: Kevin Wolf <kwolf@redhat.com>, Gerd@gnu.org, Hajnoczi <stefanha@gmail.com>, Stefan@gnu.org, qemu-devel <qemu-devel@nongnu.org>, Hannes Reinecke <hare@suse.de>, Paolo Bonzini <pbonzini@redhat.com>, linux-iscsi-target-dev@googlegroups.com, Hoffmann <kraxel@redhat.com>


> Yep, so it appears that commit 89c0f6438d16 did introduce the bogus
> 'double complete' in scsi_read_complete, which I think was intended to
> handle residual counts for TYPE_TYPE...
> 
>  /* Cancel a pending data transfer.  */
> @@ -251,6 +257,8 @@ static void scsi_read_complete(void * opaque, int ret)
> 
>      r->len = -1;
>      s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
> +    if (len == 0)
> +        scsi_command_complete(r, 0);
>  }
> 
> I am currently under the assumption for this and bsg_read_complete that
> s->completion(..., len) is handling the residual count back to block.
> 
> Is this correct..?

So I just debugged a crash where loading my vscsi driver kills qemu
(segfault) after trying to complete a command twice with scsi-generic.

Removing the above hunk fixes it. So this is a genuine fix that should
be applied (asap even :-)

I still have an odd problem with scsi-disk.c where reading from an
empty cdrom drive crashes it, I'll debug that later.

Cheers,
Ben.