From nobody Sun May 5 02:46:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1569281997; cv=none; d=zoho.com; s=zohoarc; b=mdWhhC0PYX6OBG6skTRWaf12qUsVH8mIm3T6G6HNLNKIZE169Y2C4POlqZvS8jK8VMdiDKty5oG77/zYbDzjxqp023Psin5jeuKG2TG6Xj9BnFqp/F74rBHdtvWGzuBqarzRg7/fHyZK7tyQMibKPPTTAgQCKEmsoQww1/65X0E= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569281997; h=Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=2doi0D3g4tjK/OHHStCqqMpFt/Sz4x26h15tf0pRv00=; b=W0rYkKvGjMF+EfIdRnYZTJJdf3IprYNsH6ZAFXDUAV0XRBF2QbkHweKhko0A2ITkxYCZKMnZU9E/jEQDECZQmDCH4lkOLG1ye46nm56rZc/eEnCOcu6xZb8UxTihVkEp9T39Ydf55ukqQqYyoVr+PN5SPa4w/zD+TUejpyO3/m4= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (209.51.188.17 [209.51.188.17]) by mx.zohomail.com with SMTPS id 1569281997220614.6868959607033; Mon, 23 Sep 2019 16:39:57 -0700 (PDT) Received: from localhost ([::1]:37426 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iCXvk-0004al-Lr for importer@patchew.org; Mon, 23 Sep 2019 19:39:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40889) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iCXuz-00045d-US for qemu-devel@nongnu.org; Mon, 23 Sep 2019 19:38:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iCXuy-0001VZ-SK for qemu-devel@nongnu.org; Mon, 23 Sep 2019 19:38:57 -0400 Received: from mx1.redhat.com ([209.132.183.28]:56550) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iCXuv-0001UY-3F; Mon, 23 Sep 2019 19:38:53 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 21293300CB25; Mon, 23 Sep 2019 23:38:52 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.80]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9382B6012D; Mon, 23 Sep 2019 23:38:50 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Subject: [PATCH] qemu-pr-helper: fix crash in mpath_reconstruct_sense Date: Tue, 24 Sep 2019 02:38:48 +0300 Message-Id: <20190923233848.29445-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Mon, 23 Sep 2019 23:38:52 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Fam Zheng , Paolo Bonzini , qemu-block@nongnu.org, Maxim Levitsky Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The 'r' variable was accidently shadowed, and because of this we were always passing 0 to mpath_generic_sense, instead of original return value, which triggers an abort() This is an attempt to fix the https://bugzilla.redhat.com/show_bug.cgi?id=3D1720047 although there might be other places in the code that trigger qemu-pr-helper crash, and this fix might not be the root cause. The crash was reproduced by creating an iscsi target on a test machine, and passing it twice to the guest like that: -blockdev node-name=3Didisk0,driver=3Discsi,transport=3D...,target=3D... -device scsi-block,drive=3Didisk0,bus=3Dscsi0.0,bootindex=3D-1,scsi-id=3D1,= lun=3D0,share-rw=3Don -device scsi-block,drive=3Didisk0,bus=3Dscsi0.0,bootindex=3D-1,scsi-id=3D1,= lun=3D1,share-rw=3Don Then in the guest, both /dev/sda and /dev/sdb were aggregated by multipath = to /dev/mpatha, which was passed to a nested guest like that -object pr-manager-helper,id=3Dqemu_pr_helper,path=3D/root/work/vm/testvm/.= run/pr_helper.socket -blockdev node-name=3Dtest,driver=3Dhost_device,filename=3D/dev/mapper/mpat= ha,pr-manager=3Dqemu_pr_helper -device scsi-block,drive=3Dtest,bus=3Dscsi0.0,bootindex=3D-1,scsi-id=3D0,lu= n=3D0 The nested guest run: sg_persist --no-inquiry -v --out --register --param-sark 0x1234 /dev/sda Strictly speaking this is wrong configuration since qemu is where the multipath was split, and thus the iscsi target was not aware of multipath, and thus when libmpathpersist code rightfully tried to register the PR key on all paths, it failed to do so. However qemu-pr-helper should not crash in this case. Signed-off-by: Maxim Levitsky --- scsi/qemu-pr-helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c index a8a74d1dba..debb18f4aa 100644 --- a/scsi/qemu-pr-helper.c +++ b/scsi/qemu-pr-helper.c @@ -323,10 +323,10 @@ static int mpath_reconstruct_sense(int fd, int r, uin= t8_t *sense) */ uint8_t cdb[6] =3D { TEST_UNIT_READY }; int sz =3D 0; - int r =3D do_sgio(fd, cdb, sense, NULL, &sz, SG_DXFER_NONE); + int ret =3D do_sgio(fd, cdb, sense, NULL, &sz, SG_DXFER_NONE); =20 - if (r !=3D GOOD) { - return r; + if (ret !=3D GOOD) { + return ret; } scsi_build_sense(sense, mpath_generic_sense(r)); return CHECK_CONDITION; --=20 2.17.2