X-Patchwork-Id: 211019
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Date: Thu, 10 Jan 2013 15:29:57 +0100
Message-Id: <1357828197-852-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PATCH] scsi: fix segfault with 0-byte disk

When a 0-sized disk is found, READ CAPACITY will return a LUN NOT READY error. However, because it returns -1 instead of zero, the HBA will call scsi_req_continue. This will typically cause a segmentation fault or an assertion failure.

Signed-off-by: Paolo Bonzini
---
 hw/scsi-disk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c index a69735b..ae9439d 100644 --- a/hw/scsi-disk.c +++ b/hw/scsi-disk.c @@ -1682,7 +1682,7 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); if (!nb_sectors) { scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); - return -1; + return 0; } if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { goto illegal_request;
@@ -1751,7 +1751,7 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); if (!nb_sectors) { scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); - return -1; + return 0; } if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { goto illegal_request;
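
Review bot: The return-value convention is undocumented at the new "return 0;" in the hunk at -1682 (the branch that tests req->cmd.buf[8]), right after scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)). Per the commit message, a non-zero return here makes the HBA call scsi_req_continue on a request that has already been failed, and a guest can reach this path simply by issuing READ CAPACITY against a 0-byte disk. A one-line comment at the return, saying that the sense data has been set and that 0 tells the caller there is nothing left to continue, would make it harder for a later edit to put -1 back. The "goto illegal_request" two lines further down is another error exit from the same branch; please confirm it ends with the same convention, since the label itself is outside the visible context.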
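
Review bot: The zero-size check in the hunk at -1751 (the branch that tests req->cmd.buf[14]) is a verbatim copy of the one at -1682: bdrv_get_geometry, "if (!nb_sectors)", scsi_check_condition, return. Both copies carried the same wrong return value, which suggests the block was duplicated along with its bug. Consider moving it into one small helper used by both branches so the two cannot drift apart again, and audit the rest of scsi_disk_emulate_command for other places that return -1 after scsi_check_condition. A regression test that attaches a 0-byte image and issues the command handled by each of the two branches would cover both fixed lines.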