[Qemu-devel] [PATCH] virtio-scsi: fix "written length" field in the used ring

[Qemu-devel] [PATCH] virtio-scsi: fix "written length" field in the used ring

[Paolo Bonzini]

qsgl->size is the size of the data field after the request or
response header (virtio-scsi currently supports only one such
field; bidirectional requests are not supported).  However,
the used ring's len field is not concerned about the field
after the request header, so do not count it unless req->mode
signals the request was a read.

Also, do not report that anything was written if the request
failed, and subtract any residual bytes in case of buffer underrun.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi/virtio-scsi.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index c9bea06..4995f6e 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -65,6 +65,19 @@ void virtio_scsi_free_req(VirtIOSCSIReq *req)
     g_slice_free1(sizeof(*req) + vs->cdb_size, req);
 }
 
+static size_t virtio_scsi_written_length(VirtIODevice *vdev, VirtIOSCSIReq *req)
+{
+    size_t sz = req->resp_iov.size;
+
+    if (req->sreq &&
+        req->mode == SCSI_XFER_FROM_DEV &&
+        req->resp.cmd.response == VIRTIO_SCSI_S_OK) {
+        sz += req->qsgl.size - virtio_tswap32(vdev, req->resp.cmd.resid);
+    }
+
+    return sz;
+}
+
 static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
 {
     VirtIOSCSI *s = req->dev;
@@ -76,7 +89,7 @@ static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
         assert(req->vq == NULL);
         virtio_scsi_vring_push_notify(req);
     } else {
-        virtqueue_push(vq, &req->elem, req->qsgl.size + req->resp_iov.size);
+        virtqueue_push(vq, &req->elem, virtio_scsi_written_length(vdev, req));
         virtio_notify(vdev, vq);
     }
 
-- 
2.3.5

Re: [Qemu-devel] [PATCH] virtio-scsi: fix "written length" field in the used ring

[Michael S. Tsirkin]

On Mon, Apr 27, 2015 at 02:29:25PM +0200, Paolo Bonzini wrote:
> qsgl->size is the size of the data field after the request or
> response header (virtio-scsi currently supports only one such
> field; bidirectional requests are not supported).  However,
> the used ring's len field is not concerned about the field
> after the request header, so do not count it unless req->mode
> signals the request was a read.
> 
> Also, do not report that anything was written if the request
> failed, and subtract any residual bytes in case of buffer underrun.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Acked-by: Michael S. Tsirkin <mst@redhat.com>

Pls merge through the storage tree.

Also, can you pls fix up blk similarly?


> ---
>  hw/scsi/virtio-scsi.c | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
> index c9bea06..4995f6e 100644
> --- a/hw/scsi/virtio-scsi.c
> +++ b/hw/scsi/virtio-scsi.c
> @@ -65,6 +65,19 @@ void virtio_scsi_free_req(VirtIOSCSIReq *req)
>      g_slice_free1(sizeof(*req) + vs->cdb_size, req);
>  }
>  
> +static size_t virtio_scsi_written_length(VirtIODevice *vdev, VirtIOSCSIReq *req)
> +{
> +    size_t sz = req->resp_iov.size;
> +
> +    if (req->sreq &&
> +        req->mode == SCSI_XFER_FROM_DEV &&
> +        req->resp.cmd.response == VIRTIO_SCSI_S_OK) {
> +        sz += req->qsgl.size - virtio_tswap32(vdev, req->resp.cmd.resid);
> +    }
> +
> +    return sz;
> +}
> +
>  static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
>  {
>      VirtIOSCSI *s = req->dev;
> @@ -76,7 +89,7 @@ static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
>          assert(req->vq == NULL);
>          virtio_scsi_vring_push_notify(req);
>      } else {
> -        virtqueue_push(vq, &req->elem, req->qsgl.size + req->resp_iov.size);
> +        virtqueue_push(vq, &req->elem, virtio_scsi_written_length(vdev, req));
>          virtio_notify(vdev, vq);
>      }
>  
> -- 
> 2.3.5

Re: [Qemu-devel] [PATCH] virtio-scsi: fix "written length" field in the used ring

[Paolo Bonzini]

On 27/04/2015 15:23, Michael S. Tsirkin wrote:
> On Mon, Apr 27, 2015 at 02:29:25PM +0200, Paolo Bonzini wrote:
>> > qsgl->size is the size of the data field after the request or
>> > response header (virtio-scsi currently supports only one such
>> > field; bidirectional requests are not supported).  However,
>> > the used ring's len field is not concerned about the field
>> > after the request header, so do not count it unless req->mode
>> > signals the request was a read.
>> > 
>> > Also, do not report that anything was written if the request
>> > failed, and subtract any residual bytes in case of buffer underrun.
>> > 
>> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> Acked-by: Michael S. Tsirkin <mst@redhat.com>
> 
> Pls merge through the storage tree.

Ok, I'll take it through the SCSI tree then.

> Also, can you pls fix up blk similarly?

Because virtio-blk uses a response footer and virtio-scsi uses a
response header, fixing virtio-blk is much harder.  You need to add a
new argument to virtqueue_push.  I'd really prefer someone else to do it...

Paolo

Re: [Qemu-devel] [PATCH] virtio-scsi: fix "written length" field in the used ring

[Michael S. Tsirkin]

On Mon, Apr 27, 2015 at 03:28:34PM +0200, Paolo Bonzini wrote:
> 
> 
> On 27/04/2015 15:23, Michael S. Tsirkin wrote:
> > On Mon, Apr 27, 2015 at 02:29:25PM +0200, Paolo Bonzini wrote:
> >> > qsgl->size is the size of the data field after the request or
> >> > response header (virtio-scsi currently supports only one such
> >> > field; bidirectional requests are not supported).  However,
> >> > the used ring's len field is not concerned about the field
> >> > after the request header, so do not count it unless req->mode
> >> > signals the request was a read.
> >> > 
> >> > Also, do not report that anything was written if the request
> >> > failed, and subtract any residual bytes in case of buffer underrun.
> >> > 
> >> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > Acked-by: Michael S. Tsirkin <mst@redhat.com>
> > 
> > Pls merge through the storage tree.
> 
> Ok, I'll take it through the SCSI tree then.
> 
> > Also, can you pls fix up blk similarly?
> 
> Because virtio-blk uses a response footer and virtio-scsi uses a
> response header, fixing virtio-blk is much harder.  You need to add a
> new argument to virtqueue_push.  I'd really prefer someone else to do it...
> 
> Paolo

OK but what's the desired API?
Do you know the host length or might any part of iov
be dirty?

-- 
MST

Re: [Qemu-devel] [PATCH] virtio-scsi: fix "written length" field in the used ring

[Paolo Bonzini]

On 27/04/2015 16:04, Michael S. Tsirkin wrote:
>> > Because virtio-blk uses a response footer and virtio-scsi uses a
>> > response header, fixing virtio-blk is much harder.  You need to add a
>> > new argument to virtqueue_push.  I'd really prefer someone else to do it...
>> > 
>> > Paolo
> OK but what's the desired API?
> Do you know the host length or might any part of iov
> be dirty?

For a 1-sector request and a 2048+1 bytes iov, I know that I've written
bytes 0-511 and byte 2048.

So I have to dirty all 2049 bytes, but the written length should be 512.
 Right now we pass 2049 to virtqueue_push and write 2049 to the written
length, I'd need another argument to pass the 512.

Paolo

Re: [Qemu-devel] [PATCH] virtio-scsi: fix "written length" field in the used ring

[Michael S. Tsirkin]

On Mon, Apr 27, 2015 at 04:18:43PM +0200, Paolo Bonzini wrote:
> 
> 
> On 27/04/2015 16:04, Michael S. Tsirkin wrote:
> >> > Because virtio-blk uses a response footer and virtio-scsi uses a
> >> > response header, fixing virtio-blk is much harder.  You need to add a
> >> > new argument to virtqueue_push.  I'd really prefer someone else to do it...
> >> > 
> >> > Paolo
> > OK but what's the desired API?
> > Do you know the host length or might any part of iov
> > be dirty?
> 
> For a 1-sector request and a 2048+1 bytes iov, I know that I've written
> bytes 0-511 and byte 2048.
> 
> So I have to dirty all 2049 bytes, but the written length should be 512.
>  Right now we pass 2049 to virtqueue_push and write 2049 to the written
> length, I'd need another argument to pass the 512.
> 
> Paolo

OK, I sent a patch with a new API, pls take a look.
Can you implement your patch on top?