[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 08/14] scsi: do not report bogus overruns for comman
From: |
Paolo Bonzini |
Subject: |
[Qemu-devel] [PATCH 08/14] scsi: do not report bogus overruns for commands in the 0x00-0x1F range |
Date: |
Fri, 4 May 2012 10:45:48 +0200 |
Interpreting cdb[4] == 0 as a request to transfer 256 blocks is only
needed for READ_6 and WRITE_6. No other command in that range needs
that special-casing, and the resulting overrun breaks scsi-testsuite's
attempt to use command 2 as a known-invalid command.
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/scsi-bus.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 08d5088..5fbf8db 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -735,10 +735,6 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice
*dev, uint8_t *buf)
case 0:
cmd->xfer = buf[4];
cmd->len = 6;
- /* length 0 means 256 blocks */
- if (cmd->xfer == 0) {
- cmd->xfer = 256;
- }
break;
case 1:
case 2:
@@ -808,18 +804,26 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice
*dev, uint8_t *buf)
cmd->xfer = buf[9] | (buf[8] << 8);
}
break;
+ case WRITE_6:
+ /* length 0 means 256 blocks */
+ if (cmd->xfer == 0) {
+ cmd->xfer = 256;
+ }
case WRITE_10:
case WRITE_VERIFY_10:
- case WRITE_6:
case WRITE_12:
case WRITE_VERIFY_12:
case WRITE_16:
case WRITE_VERIFY_16:
cmd->xfer *= dev->blocksize;
break;
- case READ_10:
case READ_6:
case READ_REVERSE:
+ /* length 0 means 256 blocks */
+ if (cmd->xfer == 0) {
+ cmd->xfer = 256;
+ }
+ case READ_10:
case RECOVER_BUFFERED_DATA:
case READ_12:
case READ_16:
--
1.7.9.3
- Re: [Qemu-devel] [PATCH 02/14] scsi: prevent data transfer overflow, (continued)
[Qemu-devel] [PATCH 04/14] scsi: fix WRITE SAME transfer length and direction, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 05/14] scsi: Specify the xfer direction for UNMAP and ATA_PASSTHROUGH commands, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 06/14] scsi: change "removable" field to host many features, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 07/14] scsi-disk: add dpofua property, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 08/14] scsi: do not report bogus overruns for commands in the 0x00-0x1F range,
Paolo Bonzini <=
[Qemu-devel] [PATCH 09/14] scsi: parse 16-byte tape CDBs, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 11/14] scsi: do not require a minimum allocation length for REQUEST SENSE, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 12/14] scsi: set VALID bit to 0 in fixed format sense data, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 13/14] scsi: remove useless debug messages, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 10/14] scsi: do not require a minimum allocation length for INQUIRY, Paolo Bonzini, 2012/05/04
[Qemu-devel] [PATCH 14/14] scsi: Add assertion for use-after-free errors, Paolo Bonzini, 2012/05/04
Re: [Qemu-devel] [PULL 00/14] SCSI changes for 1.1, Anthony Liguori, 2012/05/08