
scsi: pvscsi: request descriptor data_length to 32 bit

Message ID alpine.LFD.2.20.1609051824140.16376@wniryva (mailing list archive)
State New, archived

Commit Message

Prasad Pandit Sept. 5, 2016, 12:58 p.m. UTC
+-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
| Without a public spec it's hard, but I guess 2048 is more than enough.

===

Does this look okay?
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Comments

Paolo Bonzini Sept. 5, 2016, 1:02 p.m. UTC | #1
On 05/09/2016 14:58, P J P wrote:
> +-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
> | Without a public spec it's hard, but I guess 2048 is more than enough.
> 
> ===
> diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
> index 4245c15..4823b9d 100644
> --- a/hw/scsi/vmw_pvscsi.c
> +++ b/hw/scsi/vmw_pvscsi.c
> @@ -628,17 +628,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
>  static void
>  pvscsi_convert_sglist(PVSCSIRequest *r)
>  {
> -    int chunk_size;
> +    int chunk_size, n = 0;

chunk_size should be uint32_t.

>      uint64_t data_length = r->req.dataLen;
>      PVSCSISGState sg = r->sg;
> -    while (data_length) {
> -        while (!sg.resid) {
> +    while (data_length && n < 2048) {
> +        while (!sg.resid && n++ < 2048) {
>              pvscsi_get_next_sg_elem(&sg);
>              trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
>                                          r->sg.resid);
>          }
> -        assert(data_length > 0);
> -        chunk_size = MIN((unsigned) data_length, sg.resid);
> +        chunk_size = MIN(data_length, sg.resid);
>          if (chunk_size) {
>              qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
>          }
> ===
> 
> Does this look okay?

Yes, just change 2048 to a #define PVSCSI_MAX_SG_ELEM.

Paolo

> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>
Prasad Pandit Sept. 5, 2016, 8:52 p.m. UTC | #2
+-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
| chunk_size should be uint32_t.
| 
| > -    while (data_length) {
| > -        while (!sg.resid) {
| > +    while (data_length && n < 2048) {
| > +        while (!sg.resid && n++ < 2048) {
| >              pvscsi_get_next_sg_elem(&sg);
| > -        assert(data_length > 0);
| > -        chunk_size = MIN((unsigned) data_length, sg.resid);
| > +        chunk_size = MIN(data_length, sg.resid);
| > Does this look okay?
| 
| Yes, just change 2048 to a #define PVSCSI_MAX_SG_ELEM.

  Done. I've sent a revised patch v2.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Patch

===
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 4245c15..4823b9d 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -628,17 +628,16 @@  pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
 static void
 pvscsi_convert_sglist(PVSCSIRequest *r)
 {
-    int chunk_size;
+    int chunk_size, n = 0;
     uint64_t data_length = r->req.dataLen;
     PVSCSISGState sg = r->sg;
-    while (data_length) {
-        while (!sg.resid) {
+    while (data_length && n < 2048) {
+        while (!sg.resid && n++ < 2048) {
             pvscsi_get_next_sg_elem(&sg);
             trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
                                         r->sg.resid);
         }
-        assert(data_length > 0);
-        chunk_size = MIN((unsigned) data_length, sg.resid);
+        chunk_size = MIN(data_length, sg.resid);
         if (chunk_size) {
             qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
         }
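Review bot: Reaching the 2048-element cap is silent. When `n` hits the bound in `while (data_length && n < 2048)` or in the inner `!sg.resid && n++ < 2048` test, the loop ends with `data_length` still non-zero and `r->sgl` covering less than `r->req.dataLen`, and the void return gives the caller no way to notice. The descriptor and SG element values appear to be guest-supplied, so the truncated case should be detected after the loop, e.g. `if (data_length) { /* SG list exhausted before dataLen was covered */ }`, and logged or turned into a failed request rather than run with a partial list. A comment above the loop would also record why the bound exists, e.g. `/* bound SG element fetches: zero-length elements would otherwise loop forever */`. The rest of the loop body and the end of the function are outside this hunk, so what happens after the loop is inferred.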