+-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
| chunk_size should be uint32_t.
|
| > -while (data_length) {
| > -while (!sg.resid) {
| > +while (data_length && n < 2048) {
| > +while (!sg.resid && n++ < 2048) {
| > pvscsi_get_next_sg_elem(&sg);
| > -a
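Review bot: in the two new loop conditions the bound 2048 is a bare literal written twice, and `n` advances only through the side effect `n++` inside the inner condition. A named constant, with a comment saying the limit is a chosen value rather than one taken from a spec, would state the intent, and incrementing `n` in the loop body would be easier to read than doing it in the condition. Also, when the inner loop stops because `n` reached the limit, `sg.resid` is still 0. The lines after the loop are not visible here, so it is worth checking that this case is handled as an error instead of continuing with an empty element.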
On 05/09/2016 14:58, P J P wrote:
> +-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
> | Without a public spec it's hard, but I guess 2048 is more than enough.
>
> ===
> diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
> index 4245c15..4823b9d 100644
> --- a/hw/scsi/vmw_pvscsi.c
> +++ b/h
+-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
| Without a public spec it's hard, but I guess 2048 is more than enough.
===
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 4245c15..4823b9d 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -628,17 +628,16 @@ pvscsi_que
On 05/09/2016 13:13, P J P wrote:
> +-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
> | No, that's not what happens. chunk_size is set to sg.resid, after which:
> |
> | sg.dataAddr += chunk_size;
> | data_length -= chunk_size;
> | sg.resid -= chunk_size;
> |
> | The loo
+-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
| No, that's not what happens. chunk_size is set to sg.resid, after which:
|
| sg.dataAddr += chunk_size;
| data_length -= chunk_size;
| sg.resid -= chunk_size;
|
| The loop is reentered with sg.resid == 0, it calls into
| p
Hello Paolo, all
+-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
| > -uint64_t data_length = r->req.dataLen;
| > +uint32_t data_length = r->req.dataLen;
|
| Why is this needed if you remove the cast in MIN, below?
The outer while loop below is controlled by 'data_length'. The cast in M
On 05/09/2016 11:50, P J P wrote:
> Hello Paolo, all
>
> +-- On Mon, 5 Sep 2016, Paolo Bonzini wrote --+
> | > -uint64_t data_length = r->req.dataLen;
> | > +uint32_t data_length = r->req.dataLen;
> |
> | Why is this needed if you remove the cast in MIN, below?
>
> The outer while lo
On 03/09/2016 08:33, P J P wrote:
> From: Prasad J Pandit
>
> In PVSCSI paravirtual SCSI bus, the request descriptor data
> length is defined to be 64 bit. While building SG list from
> a request descriptor, it gets truncated to 32bit in routine
> 'pvscsi_convert_sglist'. This could lead to an
From: Prasad J Pandit
In PVSCSI paravirtual SCSI bus, the request descriptor data
length is defined to be 64 bit. While building SG list from
a request descriptor, it gets truncated to 32bit in routine
'pvscsi_convert_sglist'. This could lead to an infinite loop
situation for arbitrarily large 'd