Re: [Qemu-devel] [PATCH] support >2TB SCSI disks
From: Paul Brook
Subject: Re: [Qemu-devel] [PATCH] support >2TB SCSI disks
Date: Wed, 28 Jan 2009 12:30:28 +0000
User-agent: KMail/1.9.9
> case 0:
> - lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
> + lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
> + (((uint64_t) buf[1] & 0x1f) << 16);
This is not required, though I guess it's harmless.
> case 4:
>...
> len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
>...
> + case 0x88:
> r->sector_count = len * s->cluster_size;
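Review bot: In the case 4 length assembly, (buf[10] << 24) is not cast the way the case 0 operands now are, so if buf is a byte array the shift is done in int and a top byte of 0x80 or above reaches the sign bit. Under the new case 0x88 the product len * s->cluster_size is stored in r->sector_count with no upper bound on len visible here, so a large transfer length can overflow it. Suggest assembling len in an unsigned 32-bit type and rejecting the command when len is larger than the biggest value whose product with s->cluster_size still fits the destination.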
Implementing these commands introduces several overflows. There are several
places (including SCSIRequest->sector_count and the return value from
scsi_send_command) that assume the transfer length fits in a signed (32-bit)
int.
We should implement the Block Limits VPD page, and enforce these limits.
> + /* Returned value is the address of the last sector. */
> + if (nb_sectors) {
> + nb_sectors--;
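Review bot: The if (nb_sectors) guard leaves an empty device reporting 0, which is the same last-sector address a one-sector device gets after nb_sectors--, so the initiator cannot tell the two apart. Unless a branch outside the visible lines handles nb_sectors == 0, fail the command in that case instead of returning a capacity.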
By my reading both this and the current Read Capacity(10) are incorrect.
They need to divide by s->cluster_size.
Paul
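
An added example (not part of the original message and not QEMU's code) of decoding a 16-byte CDB so that the transfer length is bounded before it is stored in a signed int, the overflow the reply describes. The function names, parameters, the meaning given to cluster_size and the sample CDB are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian loads in unsigned types, so no shift reaches a sign bit. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

static uint64_t be64(const uint8_t *p)
{
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

/* Decode a READ(16)-style CDB: LBA in bytes 2..9, length in bytes 10..13.
 * cluster_size = 512-byte sectors per device block (assumed meaning).
 * Returns 0 and fills the outputs, or -1 if the request must be rejected. */
int decode_xfer16(const uint8_t *cdb, uint32_t cluster_size,
                  uint64_t total_blocks, uint64_t *lba, int *sector_count)
{
    uint64_t start = be64(cdb + 2);
    uint32_t len = be32(cdb + 10);

    if (cluster_size == 0 || len > (uint32_t)INT_MAX / cluster_size)
        return -1;  /* len * cluster_size would not fit in a signed int */
    if (start > total_blocks || len > total_blocks - start)
        return -1;  /* range runs past the end of the device */
    *lba = start;
    *sector_count = (int)(len * cluster_size);
    return 0;
}

/* Constructed sample: opcode 0x88, LBA 2^32, transfer length 8 blocks. */
static const uint8_t sample_cdb[16] = {
    0x88, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 8, 0, 0
};

int main(void)
{
    uint64_t lba = 0;
    int count = 0;
    int rc = decode_xfer16(sample_cdb, 4, UINT64_MAX, &lba, &count);

    printf("rc=%d lba=%llu sectors=%d\n", rc, (unsigned long long)lba, count);
    return 0;
}
```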