All these errors are caused by a buggy guest: let's switch the device to the broken state and stop processing the request, instead of terminating QEMU.
Signed-off-by: Greg Kurz <gr...@kaod.org> --- v2: - use VIRTIO_DEVICE(req->dev) instead of non-existing req->vdev in virtio_scsi_bad_req - converted a call to virtio_scsi_bad_req() I had overlooked in virtio_scsi_handle_cmd_req_prepare() --- hw/scsi/virtio-scsi.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index e596b6474131..1ff23137542c 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -81,10 +81,9 @@ static void virtio_scsi_complete_req(VirtIOSCSIReq *req) virtio_scsi_free_req(req); } -static void virtio_scsi_bad_req(void) +static void virtio_scsi_bad_req(VirtIOSCSIReq *req) { - error_report("wrong size for virtio-scsi headers"); - exit(1); + virtio_error(VIRTIO_DEVICE(req->dev), "wrong size for virtio-scsi headers"); } static size_t qemu_sgl_concat(VirtIOSCSIReq *req, struct iovec *iov, @@ -387,7 +386,7 @@ static void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s, VirtIOSCSIReq *req) if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0, &type, sizeof(type)) < sizeof(type)) { - virtio_scsi_bad_req(); + virtio_scsi_bad_req(req); return; } @@ -395,7 +394,8 @@ static void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s, VirtIOSCSIReq *req) if (type == VIRTIO_SCSI_T_TMF) { if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlTMFReq), sizeof(VirtIOSCSICtrlTMFResp)) < 0) { - virtio_scsi_bad_req(); + virtio_scsi_bad_req(req); + return; } else { r = virtio_scsi_do_tmf(s, req); } @@ -404,7 +404,8 @@ static void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s, VirtIOSCSIReq *req) type == VIRTIO_SCSI_T_AN_SUBSCRIBE) { if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlANReq), sizeof(VirtIOSCSICtrlANResp)) < 0) { - virtio_scsi_bad_req(); + virtio_scsi_bad_req(req); + return; } else { req->resp.an.event_actual = 0; req->resp.an.response = VIRTIO_SCSI_S_OK; @@ -533,7 +534,7 @@ static bool virtio_scsi_handle_cmd_req_prepare(VirtIOSCSI *s, VirtIOSCSIReq *req if (rc == -ENOTSUP) { virtio_scsi_fail_cmd_req(req); } else { - virtio_scsi_bad_req(); + virtio_scsi_bad_req(req); } return false; } @@ -708,7 +709,8 @@ void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev, } if (virtio_scsi_parse_req(req, 0, sizeof(VirtIOSCSIEvent))) { - virtio_scsi_bad_req(); + virtio_scsi_bad_req(req); + goto out; } evt = &req->resp.event;