From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH v4 17/18] scsi: fix searching for an empty id
Date: Wed, 22 Feb 2012 15:33:55 +0100 [thread overview]
Message-ID: <1329921236-23461-18-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1329921236-23461-1-git-send-email-pbonzini@redhat.com>
The conditions for detecting no free target or LUN were wrong.
The LUN loop was followed by an "if" condition that is never true, because
the loop is exited as soon as lun becomes equal to bus->info->max_lun,
and never becomes greater than it.
The target loop had a wrong condition (<= instead of <). Once this is
fixed, the loop would fail in the same way as the LUN loop.
The fix is to see whether scsi_device_find returned the device with the
last (channel, target, LUN) pair, and fail if so.
In addition, scsi_bus_legacy_handle_cmdline also had an off-by-one error.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi-bus.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 2cf2f0d..2cb5a18 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -132,6 +132,10 @@ static int scsi_qdev_init(DeviceState *qdev)
error_report("bad scsi device id: %d", dev->id);
goto err;
}
+ if (dev->lun != -1 && dev->lun > bus->info->max_lun) {
+ error_report("bad scsi device lun: %d", dev->lun);
+ goto err;
+ }
if (dev->id == -1) {
int id = -1;
@@ -140,8 +144,8 @@ static int scsi_qdev_init(DeviceState *qdev)
}
do {
d = scsi_device_find(bus, dev->channel, ++id, dev->lun);
- } while (d && d->lun == dev->lun && id <= bus->info->max_target);
- if (id > bus->info->max_target) {
+ } while (d && d->lun == dev->lun && id < bus->info->max_target);
+ if (d && d->lun == dev->lun) {
error_report("no free target");
goto err;
}
@@ -151,14 +155,15 @@ static int scsi_qdev_init(DeviceState *qdev)
do {
d = scsi_device_find(bus, dev->channel, dev->id, ++lun);
} while (d && d->lun == lun && lun < bus->info->max_lun);
- if (lun > bus->info->max_lun) {
+ if (d && d->lun == lun) {
error_report("no free lun");
goto err;
}
dev->lun = lun;
} else {
d = scsi_device_find(bus, dev->channel, dev->id, dev->lun);
- if (dev->lun == d->lun && dev != d) {
+ assert(d);
+ if (d->lun == dev->lun && dev != d) {
qdev_free(&d->qdev);
}
}
@@ -217,7 +222,7 @@ int scsi_bus_legacy_handle_cmdline(SCSIBus *bus)
int res = 0, unit;
loc_push_none(&loc);
- for (unit = 0; unit < bus->info->max_target; unit++) {
+ for (unit = 0; unit <= bus->info->max_target; unit++) {
dinfo = drive_get(IF_SCSI, bus->busnr, unit);
if (dinfo == NULL) {
continue;
--
1.7.7.6
next prev parent reply other threads:[~2012-02-22 14:35 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-22 14:33 [Qemu-devel] [PULL v4 00/18] virtio-scsi driver Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 01/18] dma-helpers: make QEMUSGList target independent Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 02/18] dma-helpers: add dma_buf_read and dma_buf_write Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 03/18] dma-helpers: add accounting wrappers Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 04/18] ahci: use new DMA helpers Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 05/18] scsi: pass residual amount to command_complete Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 06/18] scsi: add scatter/gather functionality Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 07/18] scsi-disk: enable " Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 08/18] scsi: add SCSIDevice vmstate definitions Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 09/18] scsi-generic: add migration support Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 10/18] scsi-disk: " Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 11/18] virtio-scsi: Add virtio-scsi stub device Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 12/18] virtio-scsi: Add basic request processing infrastructure Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 13/18] virtio-scsi: add basic SCSI bus operation Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 14/18] virtio-scsi: process control queue requests Paolo Bonzini
2012-02-24 7:54 ` Hu Tao
2012-02-24 8:56 ` Paolo Bonzini
2012-02-24 13:58 ` Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 15/18] virtio-scsi: add migration support Paolo Bonzini
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 16/18] scsi: fix wrong return for target INQUIRY Paolo Bonzini
2012-02-22 14:33 ` Paolo Bonzini [this message]
2012-02-22 14:33 ` [Qemu-devel] [PATCH v4 18/18] scsi-block: always use scsi_generic_ops for cache != none Paolo Bonzini
2012-02-24 16:34 ` [Qemu-devel] [PULL v4 00/18] virtio-scsi driver Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1329921236-23461-18-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).