From patchwork Fri May  4 08:45:45 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Bonzini <pbonzini@redhat.com>
X-Patchwork-Id: 156839
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 84FD5B6FD7
	for <incoming@patchwork.ozlabs.org>;
	Fri,  4 May 2012 19:32:30 +1000 (EST)
Received: from localhost ([::1]:45768 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1SQEAB-00087j-9O
	for incoming@patchwork.ozlabs.org; Fri, 04 May 2012 04:46:55 -0400
Received: from eggs.gnu.org ([208.118.235.92]:49248)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SQE9n-0007IW-HA
	for qemu-devel@nongnu.org; Fri, 04 May 2012 04:46:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SQE9i-0007MB-I6
	for qemu-devel@nongnu.org; Fri, 04 May 2012 04:46:31 -0400
Received: from mail-pz0-f44.google.com ([209.85.210.44]:52841)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SQE9i-0007F2-8z
	for qemu-devel@nongnu.org; Fri, 04 May 2012 04:46:26 -0400
Received: by mail-pz0-f44.google.com with SMTP id x6so2969373dac.31
	for <qemu-devel@nongnu.org>; Fri, 04 May 2012 01:46:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references; bh=n0k63Dr1JJx2hj2lgRdrzTyJXwzxZzXYBW+Pwoytp/U=;
	b=Macpg9jQB07aq/g6hqRPJ3qo6tNKBSgoz/HFySSHrFrzLxQoy0wP5WhCDHrR5cirnW
	rl6B0VHwmVZahP0AjhVo6YrFmrBEIPE69/KxVDUA3UG1WGmpoyA0ljc3/WcVsk1tC45Y
	H99jGrkp5WFL1ss02Xf/qnqWxchH3o70kwhbNCSuJsDrLOsJGDYnBJsRiX/vTWutBF0m
	yvqIAH4aeKN7gHzE6MahSSEPS9iNLo8ZNlt6BP/mSq/IREgekYOa5GY461A2JUfDQ3x6
	Z1+yEjn1L/HHkQTjN0Qw1Pi4hrhajvsT+hh+tnlGCgmxdqjl8X6Ny/6mBHB+g5L1q8DK
	6jVw==
Received: by 10.68.134.8 with SMTP id pg8mr15888886pbb.152.1336121185314;
	Fri, 04 May 2012 01:46:25 -0700 (PDT)
Received: from yakj.usersys.redhat.com (93-34-182-16.ip50.fastwebnet.it.
	[93.34.182.16]) by mx.google.com with ESMTPS id
	gv2sm7975340pbc.73.2012.05.04.01.46.21
	(version=TLSv1/SSLv3 cipher=OTHER);
	Fri, 04 May 2012 01:46:23 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Date: Fri,  4 May 2012 10:45:45 +0200
Message-Id: <1336121154-26517-6-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.7.9.3
In-Reply-To: <1336121154-26517-1-git-send-email-pbonzini@redhat.com>
References: <1336121154-26517-1-git-send-email-pbonzini@redhat.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 209.85.210.44
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Subject: [Qemu-devel] [PATCH 05/14] scsi: Specify the xfer direction for
	UNMAP and ATA_PASSTHROUGH commands
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Ronnie Sahlberg <ronniesahlberg@gmail.com>

scsi_cmd_xfer_mode() is used to specify the xfer direction for SCSI
commands that come in from the guest.  If the direction is set incorrectly
this will eventually cause QEMU to kernel-panic the guest.

Add UNMAP and ATAPASSTHROUGH as commands that send data to the device.

Without this change, recent kernels will send both UNMAP as well
as ATAPASSTHROUGH commands to any /dev/sg* device, which due to the
incorrect xfer direction very quickly causes the guest kernel to crash.

Example causing a crash without the patch applied:

./x86_64-softmmu/qemu-system-x86_64 -m 1024 -enable-kvm -cdrom linuxmint-12-gnome-dvd-64bit.iso -drive file=/dev/sg4,if=scsi,bus=0,unit=6

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi-bus.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 5640aae..08d5088 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -940,6 +940,7 @@ static void scsi_cmd_xfer_mode(SCSICommand *cmd)
     case WRITE_LONG_10:
     case WRITE_SAME_10:
     case WRITE_SAME_16:
+    case UNMAP:
     case SEARCH_HIGH_12:
     case SEARCH_EQUAL_12:
     case SEARCH_LOW_12:
@@ -949,6 +950,7 @@ static void scsi_cmd_xfer_mode(SCSICommand *cmd)
     case SEND_DVD_STRUCTURE:
     case PERSISTENT_RESERVE_OUT:
     case MAINTENANCE_OUT:
+    case ATA_PASSTHROUGH:
         cmd->mode = SCSI_XFER_TO_DEV;
         break;
     default: