From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=53398 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PKpzf-0002Zy-AP
	for qemu-devel@nongnu.org; Tue, 23 Nov 2010 05:21:00 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1PKpze-0007o3-0O
	for qemu-devel@nongnu.org; Tue, 23 Nov 2010 05:20:59 -0500
Received: from mail-wy0-f173.google.com ([74.125.82.173]:45562)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1PKpzd-0007nq-RV
	for qemu-devel@nongnu.org; Tue, 23 Nov 2010 05:20:57 -0500
Received: by wyj26 with SMTP id 26so8539006wyj.4
	for <qemu-devel@nongnu.org>; Tue, 23 Nov 2010 02:20:57 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <4CEB939E.70700@suse.de>
References: <20101122101536.4DE10F90AD@ochil.suse.de>
	<AANLkTim_obvv33L1E-8XKvrco6ANuXmC2ZZgsd1i8mbN@mail.gmail.com>
	<4CEB939E.70700@suse.de>
Date: Tue, 23 Nov 2010 10:20:56 +0000
Message-ID: <AANLkTik9=q4F8CAH82qXRaBRFuvBQk_OpBZ5xxfOh4Py@mail.gmail.com>
From: Stefan Hajnoczi <stefanha@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] Re: [PATCH] scsi-disk: add data direction checking
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Hannes Reinecke <hare@suse.de>
Cc: qemu-devel@nongnu.org, nab@linux-iscsi.org, kraxel@redhat.com

On Tue, Nov 23, 2010 at 10:12 AM, Hannes Reinecke <hare@suse.de> wrote:
> On 11/23/2010 11:03 AM, Stefan Hajnoczi wrote:
>> On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke <hare@suse.de> wrote:
>>> @@ -172,6 +170,9 @@ static void scsi_read_data(SCSIRequest *req)
>>> =A0 =A0 /* No data transfer may already be in progress */
>>> =A0 =A0 assert(r->req.aiocb =3D=3D NULL);
>>>
>>> + =A0 =A0if (r->req.cmd.mode =3D=3D SCSI_XFER_TO_DEV)
>>> + =A0 =A0 =A0 =A0BADF("Data transfer direction invalid\n");
>>> +
>>> =A0 =A0 if (r->sector_count =3D=3D (uint32_t)-1) {
>>> =A0 =A0 =A0 =A0 DPRINTF("Read buf_len=3D%zd\n", r->iov[0].iov_len);
>>> =A0 =A0 =A0 =A0 r->sector_count =3D 0;
>>> @@ -284,6 +285,9 @@ static int scsi_write_data(SCSIRequest *req)
>>> =A0 =A0 /* No data transfer may already be in progress */
>>> =A0 =A0 assert(r->req.aiocb =3D=3D NULL);
>>>
>>> + =A0 =A0if (r->req.cmd.mode !=3D SCSI_XFER_TO_DEV)
>>> + =A0 =A0 =A0 =A0BADF("Data transfer direction invalid\n");
>>> +
>>> =A0 =A0 n =3D iov_size(r->iov, r->iov_num) / 512;
>>> =A0 =A0 if (n) {
>>> =A0 =A0 =A0 =A0 qemu_iovec_init_external(&r->qiov, r->iov, r->iov_num);
>>
>> If the guest can trigger this then there must be a SCSI response (an
>> error?). =A0Right now BADF() will do fprintf(stderr) and then continue
>> executing.
>>
>> Can we abort the operation?
>>
> I've done a patch for it as per suggestion by hch.
> Right now we have
>
> =A0 =A0if (r->req.cmd.mode =3D=3D SCSI_XFER_TO_DEV) {
> =A0 =A0 =A0 =A0DPRINTF("Data transfer direction invalid\n");
> =A0 =A0 =A0 =A0scsi_read_complete(r, -EINVAL);
> =A0 =A0 =A0 =A0return;
> =A0 =A0}
>
> and -EINVAL will return the sense code 'INVALID FIELD IN CDB'.
> Will be in the next patchset.

Sounds good.

Stefan