On 2025-01-18 01:11:01, Mike Christie wrote: > I can't tell if being able to call VHOST_SCSI_SET_ENDPOINT multiple > times without calling VHOST_SCSI_CLEAR_ENDPOINT between calls is an > actual feature that the code was trying to support or that is the > root bug. It's so buggy I feel like it was never meant to be called > like this so we should just add a check at the beginning of the function. Sure, proceed as you prefer (Maintaining a 12-year-old codebase seems quite troublesome). My suggestion would be to increase the constant VHOST_SCSI_ABI_VERSION if there are API changes, so that userspace can recognize the new version through the VHOST_SCSI_GET_ABI_VERSION command of ioctl. > The worry would be that if there are userspace tools doing this > and living with the bugs then the above patch would add a regression. > However, I think that's highly unlikely because of how useless/buggy > it is. Agreed. CVE-2024-49863 has shown that no successful SCSI AN requests have been sent from a guest to a vhost-scsi device for years.
