[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 1/3] scsi-disk: Limit zero write request to SCSI_WRI
From: |
Fam Zheng |
Subject: |
[Qemu-devel] [PATCH 1/3] scsi-disk: Limit zero write request to SCSI_WRITE_SAME_MAX |
Date: |
Fri, 24 Apr 2015 16:33:54 +0800 |
SBC-4 says:
If the number of logical blocks specified to be unmapped or written
exceeds the value indicated in the MAXIMUM WRITE SAME LENGTH field
in the Block Limits VPD page (see 6.6.4), then the device server
shall terminate the command with CHECK CONDITION status with the
sense key set to ILLEGAL REQUEST and the additional sense code set
to INVALID FIELD IN CDB.
Check the request size to match the spec.
Signed-off-by: Fam Zheng <address@hidden>
---
hw/scsi/scsi-disk.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 54d71f4..b748982 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1707,6 +1707,11 @@ static void scsi_disk_emulate_write_same(SCSIDiskReq *r,
uint8_t *inbuf)
return;
}
+ if (nb_sectors * (s->qdev.blocksize / 512) * 512 > SCSI_WRITE_SAME_MAX) {
+ scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+ return;
+ }
+
if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
@@ -1726,7 +1731,7 @@ static void scsi_disk_emulate_write_same(SCSIDiskReq *r,
uint8_t *inbuf)
data->r = r;
data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
- data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
+ data->iov.iov_len = data->nb_sectors * 512;
data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
data->iov.iov_len);
qemu_iovec_init_external(&data->qiov, &data->iov, 1);
--
1.9.3