On 13/09/2023 22.44, Mark Cave-Ayland wrote:
Otherwise when a FORMAT UNIT command is issued, the SCSI layer can become confused because it can find itself in the situation where it thinks there is still data to be transferred which can cause the next emulated SCSI command to fail.Signed-off-by: Mark Cave-Ayland <mark.cave-ayl...@ilande.co.uk> Fixes: 6ab71761 ("scsi-disk: add FORMAT UNIT command") --- hw/scsi/scsi-disk.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index e0d79c7966..4484ee8271 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -1958,6 +1958,10 @@ static void scsi_disk_emulate_write_data(SCSIRequest *req) scsi_disk_emulate_write_same(r, r->iov.iov_base); break;+ case FORMAT_UNIT:+ scsi_req_complete(&r->req, GOOD); + break; + default: abort(); }
Thanks! I just double-checked that this fixes the crash that can be triggered with the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/1810 :
Tested-by: Thomas Huth <th...@redhat.com>
