Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to

From:	P J P
Subject:	Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit
Date:	Mon, 5 Sep 2016 16:43:59 +0530 (IST)

+-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
| No, that's not what happens.  chunk_size is set to sg.resid, after which:
| 
|         sg.dataAddr += chunk_size;
|         data_length -= chunk_size;
|         sg.resid -= chunk_size;
| 
| The loop is reentered with sg.resid == 0, it calls into
| pvscsi_get_next_sg_elem and this sets sg.resid to a nonzero value.  It's
| not an infinite loop.

  Yes, true; But 'pvscsi_get_next_sg_elem' does not return non-zero 'sg.resid' 
each time. In fact, it returns more zeros and thus the loop iterates 
infinitely. When I ran it with 64 bit 'data_length' and without cast, after 
some time, the inner loop gets stuck and does not seem to read non-zero values 
into 'sg.resid'.

Is there limit to number of SG elements?

| The driver is irrelevant.  If the data_length is an uint64_t you need to
| ensure that a 64 bit buffer is processed correctly.  Here you are
| truncating it, which is wrong and will cause a buffer underrun.

  Yes. I thought truncation in MIN was intentional, considering the driver 
sets 'dataLen' to 32 bit value.

If we are to go with 64 bit 'data_length', how long should the inner while 
loop run?

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, P J P, 2016/09/03
- Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, Paolo Bonzini, 2016/09/05
  - Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, P J P, 2016/09/05
    - Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, Paolo Bonzini, 2016/09/05
    - Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, P J P <=
    - Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, Paolo Bonzini, 2016/09/05
    - Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, P J P, 2016/09/05
    - Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, Paolo Bonzini, 2016/09/05
    - Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit, P J P, 2016/09/05

Prev by Date: Re: [Qemu-devel] [PATCH v2 4/7] ppc/pnv: add a core mask to PnvChip
Next by Date: Re: [Qemu-devel] [PATCH] Move migrate_set_speed and migrate_set_downtime into migrate_set_parameter
Previous by thread: Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit
Next by thread: Re: [Qemu-devel] [PATCH] scsi: pvscsi: request descriptor data_length to 32 bit
Index(es):
- Date
- Thread