* program to test various ATAPI transfer lengths (and brasero bugs)
@ 2007-11-27 15:30 Tejun Heo
2007-12-02 21:07 ` Daniel Drake
0 siblings, 1 reply; 2+ messages in thread
From: Tejun Heo @ 2007-11-27 15:30 UTC (permalink / raw)
To: Daniel Drake, Jeff Garzik, IDE/ATA development list, Alan Cox
[-- Attachment #1: Type: text/plain, Size: 459 bytes --]
Hello, all.
Here's the program I used to test various ATAPI transfer lengths based
on the sample code Daniel Drake posted a while ago. The code Daniel
Drake posted was taken from brasero and had the following bug.
Byte 7 is high byte of alloc size not low and the whole CDB should be
ten bytes long instead of nine. SPC tries to trick you here by omitting
byte 5 in Reserved field.
Daniel, care to forward this to brasero developers?
Thanks.
--
tejun
[-- Attachment #2: test-shortsg.c --]
[-- Type: text/x-csrc, Size: 2882 bytes --]
#include <stdio.h>
#include <scsi/sg.h>
#include <scsi/scsi.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
static void print_hex(const unsigned char *p, int len)
{
int i;
for (i = 0; i < len; i++) {
if (i % 16 == 0)
printf("%04x: ", i);
printf("%02x", p[i]);
if (i % 4 == 3) {
if (i % 16 == 15)
printf("\n");
else
printf(" ");
} else
printf(" ");
}
if (len % 16)
printf("\n");
}
int main(int argc, char **argv)
{
struct sg_io_hdr transport;
unsigned char mode_sense_cmd[] = {
0x5a, //opcode -- mode sense(10)
0x08, //dbd, llbaa -- dbd=1
0x2a, //page code -- BRASERO_SPC_PAGE_STATUS
// spc-3 says thats "CD capabilities and mechanical status"
//
0x00, //brasero says reserved, spc3 says subpage code
0x00, //reserved
0x00, //reserved
0x00, //reserved
0x00, //alloc len
0x00, //alloc len
0x00, //ctl
};
unsigned char get_configuration_cmd[] = {
0x46, //opcode -- get configuration
0x00, //RT: 0
0x00, //
0x00, //starting feature number: 0
0x00, //reserved
0x00, //reserved
0x00, //reserved
0x00, //alloc len
0x00, //alloc len
0x00, //ctl
};
unsigned char *cmd, *buffer;
unsigned char sense_data[32];
unsigned int buf_len, alloc_len;
int r;
int fd;
if (argc < 4) {
fprintf(stderr, "Usage: test-shortsg (m|g) DEVICE BUFLEN [ALLOCLEN]\n");
return 1;
}
switch (argv[1][0]) {
case 'm':
cmd = mode_sense_cmd;
break;
case 'g':
cmd = get_configuration_cmd;
break;
default:
fprintf(stderr, "invalid cmd selector '%c'\n", argv[1][0]);
}
fd = open(argv[2], O_RDONLY|O_NONBLOCK);
if (fd < 0) {
perror("open");
return 1;
}
alloc_len = buf_len = atoi(argv[3]);
if (argc >= 5)
alloc_len = atoi(argv[4]);
if (buf_len > 0xFFFE || alloc_len > 0xFFFE) {
fprintf(stderr, "invalid buf/alloc len\n");
return 1;
}
printf("buf len is %u bytes, alloc len is %u bytes\n",
buf_len, alloc_len);
buffer = malloc(buf_len);
if (!buffer) {
perror("malloc");
return 1;
}
cmd[7] = (alloc_len >> 8) & 0xff;
cmd[8] = alloc_len & 0xff;
printf("* CDB\n");
print_hex(cmd, 10);
memset(&transport, 0, sizeof(transport));
memset(buffer, 0xdb, buf_len);
memset(sense_data, 0, sizeof(sense_data));
transport.interface_id = 'S';
transport.cmdp = cmd;
transport.cmd_len = 10;
transport.dxferp = buffer;
transport.dxfer_len = buf_len;
transport.sbp = sense_data;
transport.mx_sb_len = sizeof(sense_data);
transport.dxfer_direction = SG_DXFER_FROM_DEV;
r = ioctl(fd, SG_IO, &transport);
printf("* result %d, buffer content follows\n", r);
print_hex(buffer, buf_len);
if ((transport.masked_status & CHECK_CONDITION) && transport.sb_len_wr) {
printf("\n* check sense data:\n");
print_hex(sense_data, sizeof(sense_data));
}
return 0;
}
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: program to test various ATAPI transfer lengths (and brasero bugs)
2007-11-27 15:30 program to test various ATAPI transfer lengths (and brasero bugs) Tejun Heo
@ 2007-12-02 21:07 ` Daniel Drake
0 siblings, 0 replies; 2+ messages in thread
From: Daniel Drake @ 2007-12-02 21:07 UTC (permalink / raw)
To: Tejun Heo; +Cc: Jeff Garzik, IDE/ATA development list, Alan Cox
Tejun Heo wrote:
> Here's the program I used to test various ATAPI transfer lengths based
> on the sample code Daniel Drake posted a while ago. The code Daniel
> Drake posted was taken from brasero and had the following bug.
>
> Byte 7 is high byte of alloc size not low and the whole CDB should be
> ten bytes long instead of nine. SPC tries to trick you here by omitting
> byte 5 in Reserved field.
>
> Daniel, care to forward this to brasero developers?
Well spotted! Thanks a lot for looking into this. I've sent a fix to the
brasero developers.
Daniel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-12-02 21:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-27 15:30 program to test various ATAPI transfer lengths (and brasero bugs) Tejun Heo
2007-12-02 21:07 ` Daniel Drake
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).