[Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached

[Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached

[Xiang Zheng]

There is a small window between the twice blk_is_available in
scsi_disk_emulate_command which would cause crash due to the later
assertion if the remote cdrom is detached in this window.

So this patch replaces assertions with return to avoid qemu crash.

Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
---
The qemu error log shows:

qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
2019-02-15 04:35:18.592: shutting down, reason=crashed

---
 hw/scsi/scsi-disk.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index d4e83ae..6bcafe2 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1890,7 +1890,10 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
     memset(outbuf, 0, r->buflen);
     switch (req->cmd.buf[0]) {
     case TEST_UNIT_READY:
-        assert(blk_is_available(s->qdev.conf.blk));
+        if (!blk_is_available(s->qdev.conf.blk)) {
+            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+            return 0;
+        }
         break;
     case INQUIRY:
         buflen = scsi_disk_emulate_inquiry(req, outbuf);
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached

[Paolo Bonzini]

On 14/02/19 13:27, Xiang Zheng wrote:
> There is a small window between the twice blk_is_available in
> scsi_disk_emulate_command which would cause crash due to the later
> assertion if the remote cdrom is detached in this window.
> 
> So this patch replaces assertions with return to avoid qemu crash.
> 
> Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
> ---
> The qemu error log shows:
> 
> qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
> 2019-02-15 04:35:18.592: shutting down, reason=crashed

Is this with virtio-scsi-dataplane?

Paolo

Re: [Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached

[Zheng Xiang]

Hi Paolo,

On 2019/2/15 2:07, Paolo Bonzini wrote:
> On 14/02/19 13:27, Xiang Zheng wrote:
>> There is a small window between the twice blk_is_available in
>> scsi_disk_emulate_command which would cause crash due to the later
>> assertion if the remote cdrom is detached in this window.
>>
>> So this patch replaces assertions with return to avoid qemu crash.
>>
>> Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
>> ---
>> The qemu error log shows:
>>
>> qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
>> 2019-02-15 04:35:18.592: shutting down, reason=crashed
> 
> Is this with virtio-scsi-dataplane?
> 

No, the QEMU commandline about scsi is bellow:
	-device virtio-scsi-pci,id=scsi0,bus=pci.4,addr=0x0 \
	-drive file=/mnt/zhengxiang/guestos.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-0,cache=none,aio=native \
	-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \
	-drive file=/home/tmp.iso,format=raw,if=none,id=drive-scsi0-0-0-1,readonly=on,cache=none,aio=threads \
	-device scsi-cd,bus=scsi0.0,channel=0,scsi-id=0,lun=1,drive=drive-scsi0-0-0-1,id=scsi0-0-0-1

This problem can be reproduced by detaching and attaching remote cdrom repeatly.

-- 

Thanks,
Xiang

Re: [Qemu-devel] [PATCH] scsi-cd: Fix crash after remote cdrom detached

[Zheng Xiang]

Ping?

On 2019/2/15 11:17, Zheng Xiang wrote:
> Hi Paolo,
> 
> On 2019/2/15 2:07, Paolo Bonzini wrote:
>> On 14/02/19 13:27, Xiang Zheng wrote:
>>> There is a small window between the twice blk_is_available in
>>> scsi_disk_emulate_command which would cause crash due to the later
>>> assertion if the remote cdrom is detached in this window.
>>>
>>> So this patch replaces assertions with return to avoid qemu crash.
>>>
>>> Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
>>> ---
>>> The qemu error log shows:
>>>
>>> qemu-system-aarch64: /home/qemu/hw/scsi/scsi-disk.c:1896: scsi_disk_emulate_command: Assertion `blk_is_available(s->qdev.conf.blk)' failed.
>>> 2019-02-15 04:35:18.592: shutting down, reason=crashed
>>
>> Is this with virtio-scsi-dataplane?
>>
> 
> No, the QEMU commandline about scsi is bellow:
> 	-device virtio-scsi-pci,id=scsi0,bus=pci.4,addr=0x0 \
> 	-drive file=/mnt/zhengxiang/guestos.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-0,cache=none,aio=native \
> 	-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \
> 	-drive file=/home/tmp.iso,format=raw,if=none,id=drive-scsi0-0-0-1,readonly=on,cache=none,aio=threads \
> 	-device scsi-cd,bus=scsi0.0,channel=0,scsi-id=0,lun=1,drive=drive-scsi0-0-0-1,id=scsi0-0-0-1
> 
> This problem can be reproduced by detaching and attaching remote cdrom repeatly.
> 
-- 

Thanks,
Xiang