On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke <h...@suse.de> wrote: > @@ -172,6 +170,9 @@ static void scsi_read_data(SCSIRequest *req) > /* No data transfer may already be in progress */ > assert(r->req.aiocb == NULL); > > + if (r->req.cmd.mode == SCSI_XFER_TO_DEV) > + BADF("Data transfer direction invalid\n"); > + > if (r->sector_count == (uint32_t)-1) { > DPRINTF("Read buf_len=%zd\n", r->iov[0].iov_len); > r->sector_count = 0; > @@ -284,6 +285,9 @@ static int scsi_write_data(SCSIRequest *req) > /* No data transfer may already be in progress */ > assert(r->req.aiocb == NULL); > > + if (r->req.cmd.mode != SCSI_XFER_TO_DEV) > + BADF("Data transfer direction invalid\n"); > + > n = iov_size(r->iov, r->iov_num) / 512; > if (n) { > qemu_iovec_init_external(&r->qiov, r->iov, r->iov_num);
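Review bot: In the scsi_read_data hunk, the new "if (r->req.cmd.mode == SCSI_XFER_TO_DEV)" branch only calls BADF() and then falls through to the r->sector_count == (uint32_t)-1 handling, so a request with the wrong direction is still processed as a read. The branch should fail the request and return right after the BADF() call. It should also carry braces, like the "if (r->sector_count == (uint32_t)-1) {" directly below it.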
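Review bot: In the scsi_write_data hunk, execution continues past BADF() into "n = iov_size(r->iov, r->iov_num) / 512" and the qemu_iovec_init_external() call, so the write is still set up for a request whose mode is not SCSI_XFER_TO_DEV. Since the function returns int, the branch should end the request and return to the caller without starting the transfer. The test is also not the mirror of the read side: here anything other than SCSI_XFER_TO_DEV is rejected, while scsi_read_data rejects only SCSI_XFER_TO_DEV, and a comment should say whether that difference is intended.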
If the guest can trigger this then there must be a SCSI response (an error?). Right now BADF() will do fprintf(stderr) and then continue executing. Can we abort the operation?

Stefan