Re: [Qemu-devel] [PATCH v2 3/6] scsi: fix parsing of allocation length field

[Kevin Wolf <kwolf@redhat.com>]

Am 14.11.2011 14:31, schrieb Paolo Bonzini:
> - several MMC commands were parsed wrong by QEMU because their allocation
> length/parameter list length is placed in a non-standard position in
> the CDB (i.e. it is different from most commands with the same value in
> bits 5-7).
> 
> - SEND VOLUME TAG length was multiplied by 40 which is not in SMC.  The
> parameter list length is between 32 and 40 bytes.  Same for MEDIUM SCAN
> (spec found at http://ldkelley.com/SCSI2/SCSI2-16.html but not in any of
> the PDFs I have here).
> 
> - READ_POSITION (SSC) conflicts with PRE_FETCH (SBC).  READ_POSITION's
> transfer length is not hardcoded to 20 in SSC; for PRE_FETCH cmd->xfer
> should be 0.  Both fixed.
> 
> - FORMAT MEDIUM (the SSC name for FORMAT UNIT) was missing.  The FORMAT
> UNIT command is still somewhat broken for block devices because its
> parameter list length is not in the CDB.  However it works for CD/DVD
> drives, which mandate the length of the payload.
> 
> - fixed wrong sign-extensions for 32-bit fields (for the LBA field,
> this affects disks >1 TB).
> 
> - several other SBC or SSC commands were missing or parsed wrong.
> 
> - some commands were not in the list of "write" commands.
> 
> Reported-by: Thomas Schmitt <scdbackup@gmx.net>
> Tested-by: Thomas Schmitt <scdbackup@gmx.net> (MMC bits only)
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  hw/scsi-bus.c |   95 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
>  1 files changed, 86 insertions(+), 9 deletions(-)

> @@ -671,11 +696,11 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
>          cmd->len = 10;
>          break;
>      case 4:
> -        cmd->xfer = ldl_be_p(&buf[10]);
> +        cmd->xfer = ldl_be_p(&buf[10]) & 0xffffffffULL;

Makes me wonder why we don't have an unsigned version of ldl_be_p...

I'll apply this anyway, we can still clean it up on top if we like.

Kevin