From patchwork Wed Feb 22 14:33:55 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 142497 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [140.186.70.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 6E347B6EF1 for ; Thu, 23 Feb 2012 02:27:26 +1100 (EST) Received: from localhost ([::1]:41132 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1S0E6F-0002Nk-Fh for incoming@patchwork.ozlabs.org; Wed, 22 Feb 2012 10:27:23 -0500 Received: from eggs.gnu.org ([140.186.70.92]:37820) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1S0DHa-0004SP-Sl for qemu-devel@nongnu.org; Wed, 22 Feb 2012 09:35:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1S0DHU-0002VB-Nz for qemu-devel@nongnu.org; Wed, 22 Feb 2012 09:35:02 -0500 Received: from mail-pw0-f45.google.com ([209.85.160.45]:64984) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1S0DHU-0002M5-D7 for qemu-devel@nongnu.org; Wed, 22 Feb 2012 09:34:56 -0500 Received: by mail-pw0-f45.google.com with SMTP id ro12so281162pbb.4 for ; Wed, 22 Feb 2012 06:34:55 -0800 (PST) Received-SPF: pass (google.com: domain of paolo.bonzini@gmail.com designates 10.68.241.170 as permitted sender) client-ip=10.68.241.170; Authentication-Results: mr.google.com; spf=pass (google.com: domain of paolo.bonzini@gmail.com designates 10.68.241.170 as permitted sender) smtp.mail=paolo.bonzini@gmail.com; dkim=pass header.i=paolo.bonzini@gmail.com Received: from mr.google.com ([10.68.241.170]) by 10.68.241.170 with SMTP id wj10mr90579718pbc.42.1329921295978 (num_hops = 1); Wed, 22 Feb 2012 06:34:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:from:to:subject:date:message-id:x-mailer:in-reply-to :references; bh=dkzoT4bhxRveKtgWVHkHsqbZkzhrxooU8AndrCqTe/w=; b=syugNzyWvPYyDLhdBKDrUgJxDLcksO/4bKPCEYELeJhXR2P+AP41K30QVVV4XhZ3ma lDcOPbc3pvtRjq3Voj+XkY8JtAXi4ufC5QP5/gHn3IrgGdQ8jGRRgHPgYFiGGpPDo0+k tjfjjEPCJrTW/04PFMG3KS1PM1glfxeKjdyQo= Received: by 10.68.241.170 with SMTP id wj10mr74584473pbc.42.1329921295928; Wed, 22 Feb 2012 06:34:55 -0800 (PST) Received: from yakj.usersys.redhat.com (93-34-182-16.ip50.fastwebnet.it. [93.34.182.16]) by mx.google.com with ESMTPS id q1sm19120759pbv.49.2012.02.22.06.34.53 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 22 Feb 2012 06:34:54 -0800 (PST) From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Wed, 22 Feb 2012 15:33:55 +0100 Message-Id: <1329921236-23461-18-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.7.7.6 In-Reply-To: <1329921236-23461-1-git-send-email-pbonzini@redhat.com> References: <1329921236-23461-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 209.85.160.45 Subject: [Qemu-devel] [PATCH v4 17/18] scsi: fix searching for an empty id X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org The conditions for detecting no free target or LUN were wrong. The LUN loop was followed by an "if" condition that is never true, because the loop is exited as soon as lun becomes equal to bus->info->max_lun, and never becomes greater than it. The target loop had a wrong condition (<= instead of <). Once this is fixed, the loop would fail in the same way as the LUN loop. The fix is to see whether scsi_device_find returned the device with the last (channel, target, LUN) pair, and fail if so. In addition, scsi_bus_legacy_handle_cmdline also had an off-by-one error. Signed-off-by: Paolo Bonzini --- hw/scsi-bus.c | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-) diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c index 2cf2f0d..2cb5a18 100644 --- a/hw/scsi-bus.c +++ b/hw/scsi-bus.c @@ -132,6 +132,10 @@ static int scsi_qdev_init(DeviceState *qdev) error_report("bad scsi device id: %d", dev->id); goto err; } + if (dev->lun != -1 && dev->lun > bus->info->max_lun) { + error_report("bad scsi device lun: %d", dev->lun); + goto err; + } if (dev->id == -1) { int id = -1; @@ -140,8 +144,8 @@ static int scsi_qdev_init(DeviceState *qdev) } do { d = scsi_device_find(bus, dev->channel, ++id, dev->lun); - } while (d && d->lun == dev->lun && id <= bus->info->max_target); - if (id > bus->info->max_target) { + } while (d && d->lun == dev->lun && id < bus->info->max_target); + if (d && d->lun == dev->lun) { error_report("no free target"); goto err; } @@ -151,14 +155,15 @@ static int scsi_qdev_init(DeviceState *qdev) do { d = scsi_device_find(bus, dev->channel, dev->id, ++lun); } while (d && d->lun == lun && lun < bus->info->max_lun); - if (lun > bus->info->max_lun) { + if (d && d->lun == lun) { error_report("no free lun"); goto err; } dev->lun = lun; } else { d = scsi_device_find(bus, dev->channel, dev->id, dev->lun); - if (dev->lun == d->lun && dev != d) { + assert(d); + if (d->lun == dev->lun && dev != d) { qdev_free(&d->qdev); } } @@ -217,7 +222,7 @@ int scsi_bus_legacy_handle_cmdline(SCSIBus *bus) int res = 0, unit; loc_push_none(&loc); - for (unit = 0; unit < bus->info->max_target; unit++) { + for (unit = 0; unit <= bus->info->max_target; unit++) { dinfo = drive_get(IF_SCSI, bus->busnr, unit); if (dinfo == NULL) { continue;