[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 05/11] usb/msd: Improve packet validation error logging
|
From: |
Nicholas Piggin |
|
Subject: |
[PATCH 05/11] usb/msd: Improve packet validation error logging |
|
Date: |
Thu, 12 Dec 2024 19:13:16 +1000 |
Errors in incoming USB MSD packet format or context would typically
be guest software errors. Log these under guest errors.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
hw/usb/dev-storage.c | 53 +++++++++++++++++++++++++++++++++++---------
1 file changed, 42 insertions(+), 11 deletions(-)
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index c7c36ac80fa..af9eb7ea8a5 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -10,6 +10,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/error-report.h"
+#include "qemu/log.h"
#include "qemu/module.h"
#include "qemu/option.h"
#include "qemu/config-file.h"
@@ -395,6 +396,36 @@ static void usb_msd_cancel_io(USBDevice *dev, USBPacket *p)
}
}
+static bool try_get_valid_cbw(USBPacket *p, struct usb_msd_cbw *cbw)
+{
+ uint32_t sig;
+
+ if (p->iov.size != 31) {
+ qemu_log_mask(LOG_GUEST_ERROR, "usb-msd: Bad CBW size %ld\n",
+ p->iov.size);
+ return false;
+ }
+ usb_packet_copy(p, cbw, 31);
+ sig = le32_to_cpu(cbw->sig);
+ if (sig != 0x43425355) {
+ qemu_log_mask(LOG_GUEST_ERROR, "usb-msd: Bad CBW signature 0x%08x\n",
+ sig);
+ return false;
+ }
+
+ return true;
+}
+
+static bool check_valid_csw(USBPacket *p)
+{
+ if (p->iov.size < 13) {
+ qemu_log_mask(LOG_GUEST_ERROR, "usb-msd: Bad CSW size %ld\n",
+ p->iov.size);
+ return false;
+ }
+ return true;
+}
+
static void usb_msd_handle_data_out(USBDevice *dev, USBPacket *p)
{
MSDState *s = (MSDState *)dev;
@@ -405,19 +436,13 @@ static void usb_msd_handle_data_out(USBDevice *dev,
USBPacket *p)
switch (s->mode) {
case USB_MSDM_CBW:
- if (p->iov.size != 31) {
- error_report("usb-msd: Bad CBW size");
- goto fail;
- }
- usb_packet_copy(p, &cbw, 31);
- if (le32_to_cpu(cbw.sig) != 0x43425355) {
- error_report("usb-msd: Bad signature %08x",
- le32_to_cpu(cbw.sig));
+ if (!try_get_valid_cbw(p, &cbw)) {
goto fail;
}
scsi_dev = scsi_device_find(&s->bus, 0, 0, cbw.lun);
if (scsi_dev == NULL) {
- error_report("usb-msd: Bad LUN %d", cbw.lun);
+ qemu_log_mask(LOG_GUEST_ERROR, "usb-msd: Bad CBW LUN %d\n",
+ cbw.lun);
goto fail;
}
tag = le32_to_cpu(cbw.tag);
@@ -489,9 +514,15 @@ static void usb_msd_handle_data_in(USBDevice *dev,
USBPacket *p)
switch (s->mode) {
case USB_MSDM_DATAOUT:
- if (s->data_len != 0 || p->iov.size < 13) {
+ if (!check_valid_csw(p)) {
+ goto fail;
+ }
+ if (s->data_len != 0) {
+ qemu_log_mask(LOG_GUEST_ERROR, "usb-msd: CSW received before "
+ "all data was sent\n");
goto fail;
}
+
/* Waiting for SCSI write to complete. */
trace_usb_msd_packet_async();
s->packet = p;
@@ -499,7 +530,7 @@ static void usb_msd_handle_data_in(USBDevice *dev,
USBPacket *p)
break;
case USB_MSDM_CSW:
- if (p->iov.size < 13) {
+ if (!check_valid_csw(p)) {
goto fail;
}
--
2.45.2
- [PATCH 00/11] usb/msd: Permit relaxed ordering of IN packets, Nicholas Piggin, 2024/12/12
- [PATCH 01/11] usb/msd: Add status to usb_msd_packet_complete() function, Nicholas Piggin, 2024/12/12
- [PATCH 03/11] usb/msd: Ensure packet structure layout is correct, Nicholas Piggin, 2024/12/12
- [PATCH 02/11] usb/msd: Split in and out packet handling, Nicholas Piggin, 2024/12/12
- [PATCH 04/11] usb/msd: Improved handling of mass storage reset, Nicholas Piggin, 2024/12/12
- [PATCH 05/11] usb/msd: Improve packet validation error logging,
Nicholas Piggin <=
- [PATCH 06/11] usb/msd: Allow CBW packet size greater than 31, Nicholas Piggin, 2024/12/12
- [PATCH 07/11] usb/msd: Split async packet tracking into data and csw, Nicholas Piggin, 2024/12/12
- [PATCH 08/11] usb/msd: Add some additional assertions, Nicholas Piggin, 2024/12/12
- [PATCH 09/11] usb/msd: Rename mode to cbw_state, and tweak names, Nicholas Piggin, 2024/12/12
- [PATCH 10/11] usb/msd: Permit a DATA-IN or CSW packet before CBW packet, Nicholas Piggin, 2024/12/12
- [PATCH 11/11] usb/msd: Add more tracing, Nicholas Piggin, 2024/12/12