From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:58722)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TF4bj-0005vY-K9
	for qemu-devel@nongnu.org; Fri, 21 Sep 2012 10:53:35 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TF4bd-00006B-Pz
	for qemu-devel@nongnu.org; Fri, 21 Sep 2012 10:53:31 -0400
Received: from mail-pb0-f45.google.com ([209.85.160.45]:56278)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TF4bd-0008Uh-JI
	for qemu-devel@nongnu.org; Fri, 21 Sep 2012 10:53:25 -0400
Received: by mail-pb0-f45.google.com with SMTP id rp12so7853400pbb.4
	for <qemu-devel@nongnu.org>; Fri, 21 Sep 2012 07:53:25 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 21 Sep 2012 16:52:46 +0200
Message-Id: <1348239169-25040-5-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1348239169-25040-1-git-send-email-pbonzini@redhat.com>
References: <1348239169-25040-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PATCH 4/7] scsi-disk: fix check for out-of-range LBA
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: aliguori@us.ibm.com

This fix is needed to correctly handle 0-block read and writes.
Without it, a 0-block access at LBA 0 would underflow.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi-disk.c | 6 +++++-
 1 file modificato, 5 inserzioni(+). 1 rimozione(-)

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index 3959603..d621852 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -1456,9 +1456,13 @@ static inline bool check_lba_range(SCSIDiskState *s,
      * The first line tests that no overflow happens when computing the last
      * sector.  The second line tests that the last accessed sector is in
      * range.
+     *
+     * Careful, the computations should not underflow for nb_sectors == 0,
+     * and a 0-block read to the first LBA beyond the end of device is
+     * valid.
      */
     return (sector_num <= sector_num + nb_sectors &&
-            sector_num + nb_sectors - 1 <= s->qdev.max_lba);
+            sector_num + nb_sectors <= s->qdev.max_lba + 1);
 }
 
 typedef struct UnmapCBData {
-- 
1.7.12