From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53322)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lersek@redhat.com>) id 1Uph2t-00062X-6I
	for qemu-devel@nongnu.org; Thu, 20 Jun 2013 11:45:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <lersek@redhat.com>) id 1Uph2q-00031Z-3Y
	for qemu-devel@nongnu.org; Thu, 20 Jun 2013 11:45:10 -0400
Received: from mx1.redhat.com ([209.132.183.28]:23577)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lersek@redhat.com>) id 1Uph2p-00031B-Rq
	for qemu-devel@nongnu.org; Thu, 20 Jun 2013 11:45:08 -0400
Message-ID: <51C32410.8070904@redhat.com>
Date: Thu, 20 Jun 2013 17:47:28 +0200
From: Laszlo Ersek <lersek@redhat.com>
MIME-Version: 1.0
References: <20130616234827.23764.98763.malonedeb@wampee.canonical.com>
	<20130618180122.22327.47349.malone@gac.canonical.com>
	<51C0B6D8.5090900@redhat.com>
	<CAN05THSA98Nk3x_5rwi9iEFSGs+wS9FJiCHGN3dKfPM20rzbeg@mail.gmail.com>
	<51C17724.5040309@redhat.com>
	<CAN05THQ8D6DyUJNAZga0KHj031GWLtZETYhBVBrBwVp2dZFmQw@mail.gmail.com>
	<51C3160A.3030003@redhat.com>
	<CAN05THT87GOE=E5+=45G8yJqgobFPLUYVX+_AyWdh5i-L6q0EA@mail.gmail.com>
In-Reply-To: <CAN05THT87GOE=E5+=45G8yJqgobFPLUYVX+_AyWdh5i-L6q0EA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [Bug 1191606] Re: qemu crashes with iscsi
 initiator (libiscsi) when using virtio
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: ronnie sahlberg <ronniesahlberg@gmail.com>
Cc: Bug 1191606 <1191606@bugs.launchpad.net>, qemu-devel <qemu-devel@nongnu.org>

On 06/20/13 17:31, ronnie sahlberg wrote:
> On Thu, Jun 20, 2013 at 7:47 AM, Laszlo Ersek <lersek@redhat.com> wrote:

>> First I don't understand how access_len can only be "1". But, in any
>> case, if the "req->elem.in_sg[0].iov_base" pointer is stored in
>> little-endian order, and the kernel (or iscsi_scsi_command_async()?) for
>> whatever reason misinterprets "hdr.dxferp" to point at an actual receive
>> buffer (instead of an iovec array), that would be consistent with the
>> symptoms:
> 
> Ah, that makes sense.
> 
> block.iscsi.c   (https://github.com/qemu/qemu/blob/master/block/iscsi.c)
> does assume that ioh->dxferp is a pointer to the buffer and that there
> is no scatter gather.
> See lines  745-749.

How could I miss that? :) I stopped looking at the
iscsi_scsi_command_async() call on line 734. Sheesh.

> I did not know that ioctl() could take a scatter/gather list.
> 
> 
> I cant test now  but if I understand right then
> lines 745-749 should be replaced with something that does
> 
> * check ioh->iovec_count IF if it zero then there is no scatter gather
> and ioh->dxferp points to a buffer,  so just do what we do today.
> * IF iovec_count is > 0  then dxferp is NOT a pointer to a buffer but
> a pointer to an array of iovec then
> traverse the iovec array and add these as buffers to the task just
> like we do for readv. For example similar to the loop to add the
> iovecs in lines 449-453

Seems correct to me.

> 
> 
> I will try this tonight.

Thanks!
Laszlo