From patchwork Wed Sep 13 20:44:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
X-Patchwork-Id: 1833708
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (4096-bit key;
 unprotected) header.d=ilande.co.uk header.i=@ilande.co.uk header.a=rsa-sha256
 header.s=20220518 header.b=L5DuVP03;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org
 (client-ip=209.51.188.17; helo=lists.gnu.org;
 envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;
 receiver=patchwork.ozlabs.org)
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4RmCCL0bZgz1yhn
	for <incoming@patchwork.ozlabs.org>; Thu, 14 Sep 2023 06:45:50 +1000 (AEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qgWj0-0007wN-7i; Wed, 13 Sep 2023 16:44:38 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWiw-0007w7-IT
 for qemu-devel@nongnu.org; Wed, 13 Sep 2023 16:44:34 -0400
Received: from mail.ilande.co.uk ([2001:41c9:1:41f::167])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWir-0007NS-CQ
 for qemu-devel@nongnu.org; Wed, 13 Sep 2023 16:44:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=ilande.co.uk; s=20220518; h=Subject:Content-Transfer-Encoding:MIME-Version:
 References:In-Reply-To:Message-Id:Date:To:From:Sender:Reply-To:Cc:
 Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From:
 Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
 List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=DVxzxH+aMVL1Mz4gK1nPDYOSkhTi79kfdn8A6RFNfUs=; b=L5DuVP03okpisSZhps1ev3WEuh
 xeQP1M1H4vZ37ZucteHUAfSwFQ5VJbf8HX9FfSDFVmCWr2z7CM/+/mn/vijl7mYmaYmVn8eOTpIww
 JH6D2Q+8YgVmd/0sgUUhxkKCZhIPJnV8GPyEaMtiaTmzA4iDuDDD01j9pc7Sd3B/Ml2ezwXbNW+Ro
 E6SBlkynaiaPYCyM4LDvf2XRe1BDLdBrtWJHoZmnLq0L+LXbgE8Bukt2aZRLL6a6L/dP2JeCMCVXb
 h9x/LIqAdcx+nQsQqffWyaQapRdmt8jj5NUzHh6piuBgm1LNFf0wZxNgCOFFS7LZH7QHwkjZyiRv4
 pL3BrCd+PasTMuXFZPfHfJg9wBNXfTA+oOc5Pkq6EhqPgoxEbQI7C/vbi//HSQrod5/mSHLjWq4bd
 xfT28dSX1hjVWy0WTUH4pIGjt7M4thOSoDd79ecDsQvDnk2O0/9MvUVf0mzyHdi5/28tR3/ZRQZJw
 VKO8nC+a23aAa3uwi6eEYkDgOZkwXS38enckqu5J4zJEc/+04RWyUgeN74ml+WrcorRXwIdNAWbe9
 3P8GljLvDWR9vUW9OF4vLv1w3N8qbV90mBz6LFZsN0rmpgUMo44nvtBksMi7FhRl0AG4giUscAClx
 +Amx5YKzSWf+PgVHxg9JstJuCxaXPGN/UT7YJUrH8=;
Received: from [2a00:23c4:8baf:5f00:38a1:1ac:b42:501a]
 (helo=localhost.localdomain)
 by mail.ilande.co.uk with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWid-0003uU-P8; Wed, 13 Sep 2023 21:44:19 +0100
From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
To: pbonzini@redhat.com,
	fam@euphon.net,
	qemu-devel@nongnu.org
Date: Wed, 13 Sep 2023 21:44:08 +0100
Message-Id: <20230913204410.65650-2-mark.cave-ayland@ilande.co.uk>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
References: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
MIME-Version: 1.0
X-SA-Exim-Connect-IP: 2a00:23c4:8baf:5f00:38a1:1ac:b42:501a
X-SA-Exim-Mail-From: mark.cave-ayland@ilande.co.uk
Subject: [PATCH 1/3] esp: use correct type for esp_dma_enable() in
 sysbus_esp_gpio_demux()
X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000)
X-SA-Exim-Scanned: Yes (on mail.ilande.co.uk)
Received-SPF: pass client-ip=2001:41c9:1:41f::167;
 envelope-from=mark.cave-ayland@ilande.co.uk; helo=mail.ilande.co.uk
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

The call to esp_dma_enable() was being made with the SYSBUS_ESP type instead of
the ESP type. This meant that when GPIO 1 was being used to trigger a DMA
request from an external DMA controller, the setting of ESPState's dma_enabled
field would clobber unknown memory whilst the dma_cb callback pointer would
typically return NULL so the DMA request would never start.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
 hw/scsi/esp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index e52188d022..4218a6a960 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -1395,7 +1395,7 @@ static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
         parent_esp_reset(s, irq, level);
         break;
     case 1:
-        esp_dma_enable(opaque, irq, level);
+        esp_dma_enable(s, irq, level);
         break;
     }
 }

From patchwork Wed Sep 13 20:44:09 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
X-Patchwork-Id: 1833705
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (4096-bit key;
 unprotected) header.d=ilande.co.uk header.i=@ilande.co.uk header.a=rsa-sha256
 header.s=20220518 header.b=ciSGGjY2;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org
 (client-ip=209.51.188.17; helo=lists.gnu.org;
 envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;
 receiver=patchwork.ozlabs.org)
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4RmCC13X3Cz1yhn
	for <incoming@patchwork.ozlabs.org>; Thu, 14 Sep 2023 06:45:31 +1000 (AEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qgWj2-0007x7-Q2; Wed, 13 Sep 2023 16:44:40 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWj1-0007wz-Jp
 for qemu-devel@nongnu.org; Wed, 13 Sep 2023 16:44:39 -0400
Received: from mail.ilande.co.uk ([2001:41c9:1:41f::167])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWit-0007a7-G8
 for qemu-devel@nongnu.org; Wed, 13 Sep 2023 16:44:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=ilande.co.uk; s=20220518; h=Subject:Content-Transfer-Encoding:MIME-Version:
 References:In-Reply-To:Message-Id:Date:To:From:Sender:Reply-To:Cc:
 Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From:
 Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
 List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=jndB8n2H6Bo7XmQ+0Mz5XDVcRQkLTrjD1HFlDra3TIA=; b=ciSGGjY2Kr9HY3y0VpCroENdWH
 ArgPTvRgntsnM/J5V4mvkiKN0gL6y9OvwY1eCdInhjrwsUbMV+3CC8bU6bDW/ly2AFjZAT5wkHccM
 +rvBYQKK7fEGehZx3VJeK20o9M10xXmvLM+yath5Kd0UF4RXbmOR2Ek0J0ZHIUKhUNJhy4mgTUa+w
 RgHk79N2obhCvELKak35CxihrMPhNfMQQSmiAOuK8aTzyMKeJ8g/Iv5DFZg92edLZFrl8+qkju7Yd
 EKHW6GzvuY5KnWNLi3RmIriNB1e+RTKbAXtKkoQKYmCsWQTSI4N0bLhxpzc3oiC+JgUkwsHPeF4/i
 tka5pPfRAl5uw0VasHpysNhoOTHF6BlfRqwEggJMKuYYPYopT6K3yNrTAVWYLDdBCRl63KwvkVMUC
 /KDlMpZgDSkXk8uH/wd60uLzVRPy7CHV0BeFT7MFZfdAaTFmrg4CHmPIjg/6mdhnIzDVYX/GX4WsW
 SOLOAiuNGAiiHIhkMxErFCvi0nMNaHPUGNlrU/zQCc8KqXdG/C9OrCVe7bih7mVs8I8BShQ0zEYZN
 JlY0BAcZvzWwkhHiEIyiqE80NDIiccGRVDWRg6HuOYwQAQ7PRo9Fo6R+yn83csf6GGKaxeCNUAITl
 4KHQkndkZ+5ubhR4Ik1GEFgOTl8VSZ5VeR9/psGzc=;
Received: from [2a00:23c4:8baf:5f00:38a1:1ac:b42:501a]
 (helo=localhost.localdomain)
 by mail.ilande.co.uk with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWih-0003uU-VY; Wed, 13 Sep 2023 21:44:24 +0100
From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
To: pbonzini@redhat.com,
	fam@euphon.net,
	qemu-devel@nongnu.org
Date: Wed, 13 Sep 2023 21:44:09 +0100
Message-Id: <20230913204410.65650-3-mark.cave-ayland@ilande.co.uk>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
References: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
MIME-Version: 1.0
X-SA-Exim-Connect-IP: 2a00:23c4:8baf:5f00:38a1:1ac:b42:501a
X-SA-Exim-Mail-From: mark.cave-ayland@ilande.co.uk
Subject: [PATCH 2/3] esp: restrict non-DMA transfer length to that of
 available data
X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000)
X-SA-Exim-Scanned: Yes (on mail.ilande.co.uk)
Received-SPF: pass client-ip=2001:41c9:1:41f::167;
 envelope-from=mark.cave-ayland@ilande.co.uk; helo=mail.ilande.co.uk
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

In the case where a SCSI layer transfer is incorrectly terminated, it is
possible for a TI command to cause a SCSI buffer overflow due to the
expected transfer data length being less than the available data in the
FIFO. When this occurs the unsigned async_len variable underflows and
becomes a large offset which writes past the end of the allocated SCSI
buffer.

Restrict the non-DMA transfer length to be the smallest of the expected
transfer length and the available FIFO data to ensure that it is no longer
possible for the SCSI buffer overflow to occur.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1810
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
 hw/scsi/esp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 4218a6a960..9b11d8c573 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -759,7 +759,8 @@ static void esp_do_nodma(ESPState *s)
     }
 
     if (to_device) {
-        len = MIN(fifo8_num_used(&s->fifo), ESP_FIFO_SZ);
+        len = MIN(s->async_len, ESP_FIFO_SZ);
+        len = MIN(len, fifo8_num_used(&s->fifo));
         esp_fifo_pop_buf(&s->fifo, s->async_buf, len);
         s->async_buf += len;
         s->async_len -= len;

From patchwork Wed Sep 13 20:44:10 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
X-Patchwork-Id: 1833706
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (4096-bit key;
 unprotected) header.d=ilande.co.uk header.i=@ilande.co.uk header.a=rsa-sha256
 header.s=20220518 header.b=zLA56ecO;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org
 (client-ip=209.51.188.17; helo=lists.gnu.org;
 envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;
 receiver=patchwork.ozlabs.org)
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4RmCCB2h1qz1yhd
	for <incoming@patchwork.ozlabs.org>; Thu, 14 Sep 2023 06:45:42 +1000 (AEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qgWj7-0007xa-Ee; Wed, 13 Sep 2023 16:44:45 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWj5-0007xN-5o
 for qemu-devel@nongnu.org; Wed, 13 Sep 2023 16:44:43 -0400
Received: from mail.ilande.co.uk ([2001:41c9:1:41f::167])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWiy-0007ix-WC
 for qemu-devel@nongnu.org; Wed, 13 Sep 2023 16:44:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=ilande.co.uk; s=20220518; h=Subject:Content-Transfer-Encoding:MIME-Version:
 References:In-Reply-To:Message-Id:Date:To:From:Sender:Reply-To:Cc:
 Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From:
 Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
 List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=2iS8Qzhbb8035J7C/TqM8tWwK2buTw+wyqXr6GpMqIo=; b=zLA56ecOlNizbt0g3BRGtcL958
 EYZD21oBZ+hYeuNTWQs2XY4nfuUftNfULmyTVWazejmHfI0vgSR32WOYfvQg4CctW/4IGg0//XHW6
 nioanceA7+48rzKkz1gHlUR0ALRT3WxXbEH7SeZXMMe2H+aTym5vKntqkkC/1pkNuKa/m5wn9oUda
 zc/jjY4zRrCDr8MIpHIg+nXmfn9D9WU8Wa6/MkF3DLPjQN4QdKAKLO/02DYaNFGZANnqnQ3e65JVd
 zNDjxiSi8KnnAnAklMEaRnCm7FXV1ZprL6ZsFOeYz2AaWDXWN73poq2Wm2BhL8Fdz3fE4xv8lDkW0
 IaC5VBQfPvFDB07GqGPm57OyEDny7x1J8DRqpRkNn/iXoTQb/r/07XV2o/NoNQf6p7tjDt6nb+T3j
 ZpOpQqUHULadSZygc620kJC3wSkqQJqU2jAx3bosHhxbfImsNROpi95n3Vm+e1D08v0ZFAag7w1R+
 Jp5n+ZN2fTsDMhsvmJCP1Lt9OSaK48RH5aga7bYBqvv/hfM9kxiJCfd2HLpBbzG3lq/NXcS5FiYLh
 uS2oNTTn7eIHbAutkeJgRUwsB7M/tuUJGtWVBmVFHj7PeX80pgdB50hV/AUGlsWc0qJwcu6adykma
 cl2zvEmSZoSIAtr0YlUC7YYZYzQS43ahH6bijbbe0=;
Received: from [2a00:23c4:8baf:5f00:38a1:1ac:b42:501a]
 (helo=localhost.localdomain)
 by mail.ilande.co.uk with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <mark.cave-ayland@ilande.co.uk>)
 id 1qgWim-0003uU-5b; Wed, 13 Sep 2023 21:44:28 +0100
From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
To: pbonzini@redhat.com,
	fam@euphon.net,
	qemu-devel@nongnu.org
Date: Wed, 13 Sep 2023 21:44:10 +0100
Message-Id: <20230913204410.65650-4-mark.cave-ayland@ilande.co.uk>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
References: <20230913204410.65650-1-mark.cave-ayland@ilande.co.uk>
MIME-Version: 1.0
X-SA-Exim-Connect-IP: 2a00:23c4:8baf:5f00:38a1:1ac:b42:501a
X-SA-Exim-Mail-From: mark.cave-ayland@ilande.co.uk
Subject: [PATCH 3/3] scsi-disk: ensure that FORMAT UNIT commands are
 terminated
X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000)
X-SA-Exim-Scanned: Yes (on mail.ilande.co.uk)
Received-SPF: pass client-ip=2001:41c9:1:41f::167;
 envelope-from=mark.cave-ayland@ilande.co.uk; helo=mail.ilande.co.uk
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Otherwise when a FORMAT UNIT command is issued, the SCSI layer can become
confused because it can find itself in the situation where it thinks there
is still data to be transferred which can cause the next emulated SCSI
command to fail.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 6ab71761 ("scsi-disk: add FORMAT UNIT command")
Tested-by: Thomas Huth <thuth@redhat.com>
---
 hw/scsi/scsi-disk.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e0d79c7966..4484ee8271 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1958,6 +1958,10 @@ static void scsi_disk_emulate_write_data(SCSIRequest *req)
         scsi_disk_emulate_write_same(r, r->iov.iov_base);
         break;
 
+    case FORMAT_UNIT:
+        scsi_req_complete(&r->req, GOOD);
+        break;
+
     default:
         abort();
     }