[Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached

Xiang Zheng posted 1 patch 6 years, 8 months ago
Test docker-clang@ubuntu passed
Test asan passed
Test docker-mingw@fedora passed
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20190214122700.18572-1-zhengxiang9@huawei.com
Maintainers: Fam Zheng <fam@euphon.net>, Paolo Bonzini <pbonzini@redhat.com>
hw/scsi/scsi-disk.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
[Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached
Posted by Xiang Zheng 6 years, 8 months ago
There is a small window between the two blk_is_available calls in
scsi_disk_emulate_command which would cause a crash due to the later
assertion if the remote cdrom is detached in this window.

So this patch replaces assertions with a return to avoid a QEMU crash.

Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
---
The qemu error log shows:

qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
2019-02-15 04:35:18.592: shutting down, reason=crashed

---
 hw/scsi/scsi-disk.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index d4e83ae..6bcafe2 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1890,7 +1890,10 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
     memset(outbuf, 0, r->buflen);
     switch (req->cmd.buf[0]) {
     case TEST_UNIT_READY:
-        assert(blk_is_available(s->qdev.conf.blk));
+        if (!blk_is_available(s->qdev.conf.blk)) {
+            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+            return 0;
+        }
         break;
     case INQUIRY:
         buflen = scsi_disk_emulate_inquiry(req, outbuf);
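Review bot: the commit message talks about replacing "assertions" and about two blk_is_available calls, but this hunk changes only the single assert in the TEST_UNIT_READY case; the message should say which one assert is meant and where the first check sits, so a reader can see the window it describes. It would also help to state why `scsi_check_condition(r, SENSE_CODE(NO_MEDIUM))` followed by `return 0;` is the right guest-visible answer for TEST UNIT READY when the medium is gone, rather than only that it avoids the abort, and to say what actually detaches the medium between the two checks, since the reviewer below asks whether dataplane is involved.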
-- 
1.8.3.1
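To make the window in the description concrete, here is an added C model of the check / window / check sequence. It is not QEMU's code; the names cd_dev, cd_emulate_command, cd_is_available and during_window are hypothetical, and the detach inside the window is simulated by a hook rather than by a real management action. The first availability check passes, the medium disappears inside the window, and the TEST UNIT READY case answers CHECK CONDITION with NOT READY / medium-not-present sense (the condition QEMU calls NO_MEDIUM) instead of aborting the whole emulator.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration (not QEMU's code): a minimal model of the
 * check / window / check sequence described in the patch. All names
 * (cd_dev, cd_emulate_command, during_window) are hypothetical.
 */

/* SCSI opcodes used by the model. */
#define TEST_UNIT_READY 0x00
#define INQUIRY         0x12

/* SCSI status bytes. */
#define GOOD            0x00
#define CHECK_CONDITION 0x02

/* Sense data for "medium not present" (SPC: sense key NOT READY = 0x02,
 * ASC = 0x3A, ASCQ = 0x00), the condition QEMU names NO_MEDIUM. */
struct sense {
    uint8_t key, asc, ascq;
};
static const struct sense SENSE_NO_MEDIUM = { 0x02, 0x3a, 0x00 };
static const struct sense SENSE_NONE      = { 0x00, 0x00, 0x00 };

struct cd_dev {
    bool medium_present;
    /* Hypothetical hook standing in for whatever else runs between the two
     * availability checks (here: the remote medium being detached). */
    void (*during_window)(struct cd_dev *dev);
};

/* Stand-in for blk_is_available(): state that can change underneath us. */
static bool cd_is_available(const struct cd_dev *dev)
{
    return dev->medium_present;
}

/*
 * Hardened command path in the shape of the patched code. The medium may
 * disappear between the first check and the TEST_UNIT_READY case, so the
 * second check reports NO MEDIUM to the initiator instead of assert()ing,
 * which would abort the whole emulator and every other guest device with it.
 */
static int cd_emulate_command(struct cd_dev *dev, uint8_t opcode,
                              struct sense *sense)
{
    *sense = SENSE_NONE;

    /* First check: most commands need a medium before any emulation work. */
    if (opcode != INQUIRY && !cd_is_available(dev)) {
        *sense = SENSE_NO_MEDIUM;
        return CHECK_CONDITION;
    }

    /* The window the patch description refers to. */
    if (dev->during_window) {
        dev->during_window(dev);
    }

    switch (opcode) {
    case TEST_UNIT_READY:
        /* Before the patch this was assert(cd_is_available(dev)). */
        if (!cd_is_available(dev)) {
            *sense = SENSE_NO_MEDIUM;
            return CHECK_CONDITION;
        }
        break;
    case INQUIRY:
        /* INQUIRY is answered whether or not a medium is present. */
        break;
    default:
        /* Other commands are outside this model. */
        break;
    }
    return GOOD;
}

/* Simulated concurrent detach landing inside the window. */
static void detach_in_window(struct cd_dev *dev)
{
    dev->medium_present = false;
}

/* Run TEST UNIT READY with a detach racing it; returns the status byte. */
static int run_raced_tur(struct sense *sense)
{
    struct cd_dev dev = { .medium_present = true,
                          .during_window = detach_in_window };
    return cd_emulate_command(&dev, TEST_UNIT_READY, sense);
}

int main(void)
{
    struct sense s;
    int status = run_raced_tur(&s);
    printf("status=0x%02x key=0x%02x asc=0x%02x ascq=0x%02x\n",
           status, s.key, s.asc, s.ascq);
    return status == CHECK_CONDITION ? 0 : 1;
}
```

The point of the model is the classification of the state being checked: blk_is_available() reports something another actor can change, so it is an input to validate on every use, not an invariant that assert() may rely on; a failed invariant justifies an abort, a missing medium does not.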



Re: [Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached
Posted by Paolo Bonzini 6 years, 8 months ago
On 14/02/19 13:27, Xiang Zheng wrote:
> There is a small window between the two blk_is_available calls in
> scsi_disk_emulate_command which would cause a crash due to the later
> assertion if the remote cdrom is detached in this window.
> 
> So this patch replaces assertions with a return to avoid a QEMU crash.
> 
> Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
> ---
> The qemu error log shows:
> 
> qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
> 2019-02-15 04:35:18.592: shutting down, reason=crashed

Is this with virtio-scsi-dataplane?

Paolo

Re: [Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached
Posted by Zheng Xiang 6 years, 8 months ago
Hi Paolo,

On 2019/2/15 2:07, Paolo Bonzini wrote:
> On 14/02/19 13:27, Xiang Zheng wrote:
>> There is a small window between the two blk_is_available calls in
>> scsi_disk_emulate_command which would cause a crash due to the later
>> assertion if the remote cdrom is detached in this window.
>>
>> So this patch replaces assertions with a return to avoid a QEMU crash.
>>
>> Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
>> ---
>> The qemu error log shows:
>>
>> qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
>> 2019-02-15 04:35:18.592: shutting down, reason=crashed
> 
> Is this with virtio-scsi-dataplane?
> 

No, the QEMU command line for SCSI is below:
	-device virtio-scsi-pci,id=scsi0,bus=pci.4,addr=0x0 \
	-drive file=/mnt/zhengxiang/guestos.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-0,cache=none,aio=native \
	-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \
	-drive file=/home/tmp.iso,format=raw,if=none,id=drive-scsi0-0-0-1,readonly=on,cache=none,aio=threads \
	-device scsi-cd,bus=scsi0.0,channel=0,scsi-id=0,lun=1,drive=drive-scsi0-0-0-1,id=scsi0-0-0-1

This problem can be reproduced by detaching and attaching the remote cdrom repeatedly.

-- 

Thanks,
Xiang



Re: [Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached
Posted by Zheng Xiang 6 years, 8 months ago
Ping?

On 2019/2/15 11:17, Zheng Xiang wrote:
> Hi Paolo,
> 
> On 2019/2/15 2:07, Paolo Bonzini wrote:
>> On 14/02/19 13:27, Xiang Zheng wrote:
>>> There is a small window between the two blk_is_available calls in
>>> scsi_disk_emulate_command which would cause a crash due to the later
>>> assertion if the remote cdrom is detached in this window.
>>>
>>> So this patch replaces assertions with a return to avoid a QEMU crash.
>>>
>>> Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
>>> ---
>>> The qemu error log shows:
>>>
>>> qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
>>> 2019-02-15 04:35:18.592: shutting down, reason=crashed
>>
>> Is this with virtio-scsi-dataplane?
>>
> 
> No, the QEMU command line for SCSI is below:
> 	-device virtio-scsi-pci,id=scsi0,bus=pci.4,addr=0x0 \
> 	-drive file=/mnt/zhengxiang/guestos.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-0,cache=none,aio=native \
> 	-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \
> 	-drive file=/home/tmp.iso,format=raw,if=none,id=drive-scsi0-0-0-1,readonly=on,cache=none,aio=threads \
> 	-device scsi-cd,bus=scsi0.0,channel=0,scsi-id=0,lun=1,drive=drive-scsi0-0-0-1,id=scsi0-0-0-1
> 
> This problem can be reproduced by detaching and attaching the remote cdrom repeatedly.
> 
-- 

Thanks,
Xiang