[Qemu-devel] [PATCH 60/88] virtio-scsi: work around bug in old BIOSes

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 60/88] virtio-scsi: work around bug in old BIOSes

From:	Michael Roth
Subject:	[Qemu-devel] [PATCH 60/88] virtio-scsi: work around bug in old BIOSes
Date:	Thu, 8 Jan 2015 11:34:04 -0600

From: Paolo Bonzini <address@hidden>

Old BIOSes left some padding by mistake after the req_size/resp_size.
New QEMU does not like it, thinking it is a bidirectional command.

As a workaround, we can check if the ANY_LAYOUT bit is set; if not, we
always consider the first buffer as the virtio-scsi request/response,
because, back when QEMU did not support ANY_LAYOUT, it expected the
payload to start at the second element of the iovec.

This can show up during migration.

Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 55783a5521a3b1f93ee6a072e414a27c6cfa15f0)
Signed-off-by: Michael Roth <address@hidden>
---
 hw/scsi/virtio-scsi.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index f041991..f7e77e9 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -135,6 +135,7 @@ static size_t qemu_sgl_concat(VirtIOSCSIReq *req, struct 
iovec *iov,
 static int virtio_scsi_parse_req(VirtIOSCSIReq *req,
                                  unsigned req_size, unsigned resp_size)
 {
+    VirtIODevice *vdev = (VirtIODevice *) req->dev;
     size_t in_size, out_size;
 
     if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0,
@@ -147,8 +148,24 @@ static int virtio_scsi_parse_req(VirtIOSCSIReq *req,
                               resp_size) < resp_size) {
         return -EINVAL;
     }
+
     req->resp_size = resp_size;
 
+    /* Old BIOSes left some padding by mistake after the req_size/resp_size.
+     * As a workaround, always consider the first buffer as the virtio-scsi
+     * request/response, making the payload start at the second element
+     * of the iovec.
+     *
+     * The actual length of the response header, stored in req->resp_size,
+     * does not change.
+     *
+     * TODO: always disable this workaround for virtio 1.0 devices.
+     */
+    if ((vdev->guest_features & VIRTIO_F_ANY_LAYOUT) == 0) {
+        req_size = req->elem.out_sg[0].iov_len;
+        resp_size = req->elem.in_sg[0].iov_len;
+    }
+
     out_size = qemu_sgl_concat(req, req->elem.out_sg,
                                &req->elem.out_addr[0], req->elem.out_num,
                                req_size);
-- 
1.9.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 57/88] esp-pci: fixup deadlock with linux, (continued)
- [Qemu-devel] [PATCH 57/88] esp-pci: fixup deadlock with linux, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 19/88] virtio-balloon: fix integer overflow in memory stats feature, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 56/88] hw/ppc/spapr_pci.c: Avoid functions not in glib 2.12 (g_hash_table_iter_*), Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 58/88] target-xtensa: add missing window check for entry, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 21/88] ivshmem: Check ivshmem_read() size argument, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 23/88] ivshmem: Fix potential OOB r/w access, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 55/88] snapshot: add bdrv_drain_all() to bdrv_snapshot_delete() to avoid concurrency problem, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 61/88] libcacard: fix resource leak, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 59/88] kvm: Fix memory slot page alignment logic, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 62/88] l2tpv3: fix possible double free, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 60/88] virtio-scsi: work around bug in old BIOSes, Michael Roth <=
- [Qemu-devel] [PATCH 64/88] hw/ide/core.c: Prevent SIGSEGV during migration, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 66/88] block: Make essential BlockDriver objects public, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 63/88] exec: Handle multipage ranges in invalidate_and_set_dirty(), Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 67/88] block: Omit bdrv_find_format for essential drivers, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 65/88] virtio-net: fix unmap leak, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 68/88] block/vvfat: qcow driver may not be found, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 70/88] block: Check create_opts before image creation, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 73/88] iotests: Only kill NBD server if it runs, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 69/88] block/nfs: Add create_opts, Michael Roth, 2015/01/08
- [Qemu-devel] [PATCH 79/88] block migration: fix return value, Michael Roth, 2015/01/08

Prev by Date: [Qemu-devel] [PATCH 62/88] l2tpv3: fix possible double free
Next by Date: [Qemu-devel] [PATCH 64/88] hw/ide/core.c: Prevent SIGSEGV during migration
Previous by thread: [Qemu-devel] [PATCH 62/88] l2tpv3: fix possible double free
Next by thread: [Qemu-devel] [PATCH 64/88] hw/ide/core.c: Prevent SIGSEGV during migration
Index(es):
- Date
- Thread