There is currently no way to test the block/iscsi.c block driver. Using a third-party iSCSI target isn't sufficient since we need fault injection and control over I/O request execution in order to exercise specific code paths in the initiator.
Are you willing to co-mentor a Google Summer of Code project to implement an iSCSI target in QEMU?

There are two goals:

1. Runtime iSCSI target QMP commands to start/stop and add/remove LUNs.
2. qemu-iscsi wrapper program for easy command-line launching.

I think iSCSI target functionality will be useful beyond testing. It will make it possible to attach disk images to physical machines or VMs using a widely implemented protocol.

QEMU already has blkdebug for fault injection and a SCSI target. We're just missing the iSCSI wire protocol that wraps SCSI CDBs. The basic idea is to implement a runtime iSCSI server (similar to the NBD server) that speaks the iSCSI protocol and passes SCSI requests to QEMU's SCSI target.

I briefly looked at include/hw/scsi/scsi.h to check if this is feasible. It looks like it's possible to instantiate a SCSIBus without a parent DeviceState. The SCSI target is tied to device emulation since every LUN is a SCSIDevice and it's also tied to live migration. But I don't think these things prevent iSCSI from reusing this code.

The next step is to look at the iSCSI RFC to determine how feasible this would be:
https://tools.ietf.org/html/rfc7143

Stefan
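
For reference, an added example (not part of the original message and not QEMU code) of how the iSCSI wire protocol wraps a SCSI CDB: it decodes the 48-byte Basic Header Segment of a SCSI Command PDU as laid out in RFC 7143 section 11.3. The type and function names and the sample PDU are hypothetical, and the length helper assumes no header or data digests were negotiated.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ISCSI_BHS_LEN     48
#define ISCSI_OP_SCSI_CMD 0x01

typedef struct {                 /* hypothetical name, not a QEMU type */
    int immediate, final, read, write;
    uint8_t  attr;               /* task attribute, low 3 bits of byte 1 */
    uint32_t ahs_len, data_len;  /* both in bytes */
    uint8_t  lun[8];
    uint32_t itt, edtl, cmd_sn, exp_stat_sn;
    uint8_t  cdb[16];            /* the wrapped SCSI CDB */
} IscsiScsiCmd;

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 on a short buffer, -2 if not a SCSI Command PDU. */
int iscsi_parse_scsi_cmd(const uint8_t *buf, size_t len, IscsiScsiCmd *out)
{
    if (len < ISCSI_BHS_LEN) return -1;
    if ((buf[0] & 0x3f) != ISCSI_OP_SCSI_CMD) return -2;
    out->immediate = !!(buf[0] & 0x40);
    out->final = !!(buf[1] & 0x80);
    out->read  = !!(buf[1] & 0x40);
    out->write = !!(buf[1] & 0x20);
    out->attr  = buf[1] & 0x07;
    out->ahs_len  = (uint32_t)buf[4] * 4;   /* TotalAHSLength is in 4-byte words */
    out->data_len = ((uint32_t)buf[5] << 16) | ((uint32_t)buf[6] << 8) | buf[7];
    memcpy(out->lun, buf + 8, 8);
    out->itt = be32(buf + 16);
    out->edtl = be32(buf + 20);             /* Expected Data Transfer Length */
    out->cmd_sn = be32(buf + 24);
    out->exp_stat_sn = be32(buf + 28);
    memcpy(out->cdb, buf + 32, 16);
    return 0;
}

/* Bytes a target must read for the whole PDU; data segment is padded to 4. */
size_t iscsi_pdu_total_len(const IscsiScsiCmd *c)
{
    return ISCSI_BHS_LEN + c->ahs_len + ((c->data_len + 3u) & ~(size_t)3u);
}

/* Constructed sample: READ(10), LBA 0, 8 blocks, 4096 bytes expected. */
const uint8_t sample_pdu[ISCSI_BHS_LEN] = {
    [0] = 0x01, [1] = 0xC1,            /* opcode; F=1, R=1, ATTR=simple */
    [19] = 0x01, [22] = 0x10,          /* ITT=1; EDTL=0x1000 */
    [27] = 0x01, [31] = 0x01,          /* CmdSN=1; ExpStatSN=1 */
    [32] = 0x28, [40] = 0x08,          /* CDB: READ(10), transfer length 8 */
};
```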