Background: The Linux VirtIO framework supports the VirtIO 1.0 protocol. Section 5.6 of the VirtIO 1.0 specification defines the Host SCSI device type. Section 5.6.3 defines Host SCSI negotiable features. In the VirtIO model, during the initial negotiation, the device offers the set of features it supports, then the (VM guest) driver confirms which of the features offered it accepts. Any features the device doesn't explicitly offer, or the driver doesn't explicitly accept, are considered disabled and should not be used by either side. The bug: Section 5.6.3 includes the VIRTIO_SCSI_F_INOUT feature (bit) among the set of negotiable features, which, when *enabled*, indicates a single request can include both device writeable and readable data buffers. Unfortunately, virtio_scsi (Linux driver) doesn't negotiate that feature at all, and by ignoring it (e.g. not explicitly accepting it), the device should assume the in/out feature is disabled. Regardless of the implication that the Linux driver doesn't support the feature (even if explicitly offered by the device), Linux sends in/out data buffers with each request anyway. Reference code: Confirming lack of support for the VirtIO 1.0 VIRTIO_SCSI_F_INOUT feature, look at the features[] definition in drivers/scsi/virtio_scsi.c. It lists all the Host SCSI features, except VIRTIO_SCSI_F_INOUT.