From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=46785 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PKpio-00056b-Hj
	for qemu-devel@nongnu.org; Tue, 23 Nov 2010 05:03:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1PKpin-0003ye-De
	for qemu-devel@nongnu.org; Tue, 23 Nov 2010 05:03:34 -0500
Received: from mail-ey0-f173.google.com ([209.85.215.173]:33343)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1PKpin-0003yU-9I
	for qemu-devel@nongnu.org; Tue, 23 Nov 2010 05:03:33 -0500
Received: by eya25 with SMTP id 25so4895985eya.4
	for <qemu-devel@nongnu.org>; Tue, 23 Nov 2010 02:03:32 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <20101122101536.4DE10F90AD@ochil.suse.de>
References: <20101122101536.4DE10F90AD@ochil.suse.de>
Date: Tue, 23 Nov 2010 10:03:31 +0000
Message-ID: <AANLkTim_obvv33L1E-8XKvrco6ANuXmC2ZZgsd1i8mbN@mail.gmail.com>
From: Stefan Hajnoczi <stefanha@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] Re: [PATCH] scsi-disk: add data direction checking
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Hannes Reinecke <hare@suse.de>
Cc: qemu-devel@nongnu.org, nab@linux-iscsi.org, kraxel@redhat.com

On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke <hare@suse.de> wrote:
> @@ -172,6 +170,9 @@ static void scsi_read_data(SCSIRequest *req)
> =A0 =A0 /* No data transfer may already be in progress */
> =A0 =A0 assert(r->req.aiocb =3D=3D NULL);
>
> + =A0 =A0if (r->req.cmd.mode =3D=3D SCSI_XFER_TO_DEV)
> + =A0 =A0 =A0 =A0BADF("Data transfer direction invalid\n");
> +
> =A0 =A0 if (r->sector_count =3D=3D (uint32_t)-1) {
> =A0 =A0 =A0 =A0 DPRINTF("Read buf_len=3D%zd\n", r->iov[0].iov_len);
> =A0 =A0 =A0 =A0 r->sector_count =3D 0;
> @@ -284,6 +285,9 @@ static int scsi_write_data(SCSIRequest *req)
> =A0 =A0 /* No data transfer may already be in progress */
> =A0 =A0 assert(r->req.aiocb =3D=3D NULL);
>
> + =A0 =A0if (r->req.cmd.mode !=3D SCSI_XFER_TO_DEV)
> + =A0 =A0 =A0 =A0BADF("Data transfer direction invalid\n");
> +
> =A0 =A0 n =3D iov_size(r->iov, r->iov_num) / 512;
> =A0 =A0 if (n) {
> =A0 =A0 =A0 =A0 qemu_iovec_init_external(&r->qiov, r->iov, r->iov_num);

If the guest can trigger this then there must be a SCSI response (an
error?).  Right now BADF() will do fprintf(stderr) and then continue
executing.

Can we abort the operation?

Stefan