qemu/scsi-bugfix-fix-division-by-zero.patch

From f2837d186532fb82ed01dbe32bdcf9dda6b06258 Mon Sep 17 00:00:00 2001
From: WangJian <wangjian161@huawei.com>
Date: Wed, 9 Feb 2022 16:34:05 +0800
Subject: [PATCH] scsi: bugfix: fix division by zero

Error of PRDM disk may cause divide by zero in
scsi_read_complete(), so add LOG and assert().

Signed-off-by: wangjian161 <wangjian161@huawei.com>
Signed-off-by: shaodenghui <shaodenghui@huawei.com>
---
 hw/scsi/scsi-generic.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index 2417f0ad84..22efcd09a6 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -192,6 +192,10 @@ static int scsi_handle_inquiry_reply(SCSIGenericReq *r, SCSIDevice *s, int len)
         (r->req.cmd.buf[1] & 0x01)) {
         page = r->req.cmd.buf[2];
         if (page == 0xb0 && r->buflen >= 8) {
+            if (s->blocksize == 0) {
+                qemu_log("device blocksize is 0!\n");
+                abort();
+            }
             uint8_t buf[16] = {};
             uint8_t buf_used = MIN(r->buflen, 16);
             uint64_t max_transfer = calculate_max_transfer(s);
@@ -326,11 +330,23 @@ static void scsi_read_complete(void * opaque, int ret)
     /* Snoop READ CAPACITY output to set the blocksize.  */
     if (r->req.cmd.buf[0] == READ_CAPACITY_10 &&
         (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) {
-        s->blocksize = ldl_be_p(&r->buf[4]);
+        int new_blocksize = ldl_be_p(&r->buf[4]);
+        if (s->blocksize != new_blocksize) {
+            qemu_log("device id=%s type=%d: blocksize %d change to %d\n",
+                     s->qdev.id ? s->qdev.id : "null", s->type,
+                     s->blocksize, new_blocksize);
+        }
+        s->blocksize = new_blocksize;
         s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL;
     } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 &&
                (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
-        s->blocksize = ldl_be_p(&r->buf[8]);
+        int new_blocksize = ldl_be_p(&r->buf[8]);
+        if (s->blocksize != new_blocksize) {
+            qemu_log("device id=%s type=%d: blocksize %d change to %d\n",
+                     s->qdev.id ? s->qdev.id : "null", s->type,
+                     s->blocksize, new_blocksize);
+        }
+        s->blocksize = new_blocksize;
         s->max_lba = ldq_be_p(&r->buf[0]);
     }
 
-- 
2.27.0