The response size is expected to be zero if the SCSI status is not
"GOOD", but nothing was resetting it.

This can be reproduced simply by "sg_persist -s /dev/sdb" where /dev/sdb
in the guest is a scsi-block device corresponding to a multipath device
on the host.

Before:

  PR in (Read full status): Aborted command

and on the host:

  prh_write_response: Assertion `resp->sz == 0' failed.

After:

  PR in (Read full status): bad field in cdb or parameter list
  (perhaps unsupported service action)

Reported-by: Jiri Belka <jbelka@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 scsi/qemu-pr-helper.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
index 4057cf355c..0218d65bbf 100644
--- a/scsi/qemu-pr-helper.c
+++ b/scsi/qemu-pr-helper.c
@@ -558,7 +558,11 @@ static int do_pr_in(int fd, const uint8_t *cdb, uint8_t *sense,
 #ifdef CONFIG_MPATH
     if (is_mpath(fd)) {
         /* multipath_pr_in fills the whole input buffer.  */
-        return multipath_pr_in(fd, cdb, sense, data, *resp_sz);
+        int r = multipath_pr_in(fd, cdb, sense, data, *resp_sz);
+        if (r != GOOD) {
+            *resp_sz = 0;
+        }
+        return r;
     }
 #endif
 
-- 
2.17.1

On 06/26/2018 12:40 PM, Paolo Bonzini wrote:
> The response size is expected to be zero if the SCSI status is not
> "GOOD", but nothing was resetting it.
> 
> This can be reproduced simply by "sg_persist -s /dev/sdb" where /dev/sdb
> in the guest is a scsi-block device corresponding to a multipath device
> on the host.
> 
> Before:
> 
>   PR in (Read full status): Aborted command
> 
> and on the host:
> 
>   prh_write_response: Assertion `resp->sz == 0' failed.
> 
> After:
> 
>   PR in (Read full status): bad field in cdb or parameter list
>   (perhaps unsupported service action)
> 
> Reported-by: Jiri Belka <jbelka@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>  scsi/qemu-pr-helper.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
> index 4057cf355c..0218d65bbf 100644
> --- a/scsi/qemu-pr-helper.c
> +++ b/scsi/qemu-pr-helper.c
> @@ -558,7 +558,11 @@ static int do_pr_in(int fd, const uint8_t *cdb, uint8_t *sense,
>  #ifdef CONFIG_MPATH
>      if (is_mpath(fd)) {
>          /* multipath_pr_in fills the whole input buffer.  */
> -        return multipath_pr_in(fd, cdb, sense, data, *resp_sz);
> +        int r = multipath_pr_in(fd, cdb, sense, data, *resp_sz);
> +        if (r != GOOD) {
> +            *resp_sz = 0;
> +        }
> +        return r;
>      }
>  #endif
>  
> 

On 06/26/2018 05:40 PM, Paolo Bonzini wrote:
> The response size is expected to be zero if the SCSI status is not
> "GOOD", but nothing was resetting it.
> 
> This can be reproduced simply by "sg_persist -s /dev/sdb" where /dev/sdb
> in the guest is a scsi-block device corresponding to a multipath device
> on the host.
> 
> Before:
> 
>   PR in (Read full status): Aborted command
> 
> and on the host:
> 
>   prh_write_response: Assertion `resp->sz == 0' failed.
> 
> After:
> 
>   PR in (Read full status): bad field in cdb or parameter list
>   (perhaps unsupported service action)
> 
> Reported-by: Jiri Belka <jbelka@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  scsi/qemu-pr-helper.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal