program to test various ATAPI transfer lengths (and brasero bugs)

linux-ide.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* program to test various ATAPI transfer lengths (and brasero bugs)
@ 2007-11-27 15:30 Tejun Heo
  2007-12-02 21:07 ` Daniel Drake
  0 siblings, 1 reply; 2+ messages in thread
From: Tejun Heo @ 2007-11-27 15:30 UTC (permalink / raw)
  To: Daniel Drake, Jeff Garzik, IDE/ATA development list, Alan Cox

[-- Attachment #1: Type: text/plain, Size: 459 bytes --]

Hello, all.

Here's the program I used to test various ATAPI transfer lengths based
on the sample code Daniel Drake posted a while ago.  The code Daniel
Drake posted was taken from brasero and had the following bug.

Byte 7 is high byte of alloc size not low and the whole CDB should be
ten bytes long instead of nine.  SPC tries to trick you here by omitting
byte 5 in Reserved field.

Daniel, care to forward this to brasero developers?

Thanks.

-- 
tejun

[-- Attachment #2: test-shortsg.c --]
[-- Type: text/x-csrc, Size: 2882 bytes --]

#include <stdio.h>
#include <scsi/sg.h>
#include <scsi/scsi.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

static void print_hex(const unsigned char *p, int len)
{
	int i;

	for (i = 0; i < len; i++) {
		if (i % 16 == 0)
			printf("%04x: ", i);
		printf("%02x", p[i]);
		if (i % 4 == 3) {
			if (i % 16 == 15)
				printf("\n");
			else
				printf("  ");
		} else
			printf(" ");
	}
	if (len % 16)
		printf("\n");
}

int main(int argc, char **argv)
{
	struct sg_io_hdr transport;
	unsigned char mode_sense_cmd[] = {
		0x5a, //opcode -- mode sense(10)
		0x08, //dbd, llbaa -- dbd=1
		0x2a, //page code -- BRASERO_SPC_PAGE_STATUS
		      // spc-3 says thats "CD capabilities and mechanical status"
			  //
		0x00, //brasero says reserved, spc3 says subpage code
		0x00, //reserved
		0x00, //reserved
		0x00, //reserved
		0x00, //alloc len
		0x00, //alloc len
		0x00, //ctl
	};
	unsigned char get_configuration_cmd[] = {
		0x46, //opcode -- get configuration
		0x00, //RT: 0
		0x00, //
		0x00, //starting feature number: 0
		0x00, //reserved
		0x00, //reserved
		0x00, //reserved
		0x00, //alloc len
		0x00, //alloc len
		0x00, //ctl
	};
	unsigned char *cmd, *buffer;
	unsigned char sense_data[32];
	unsigned int buf_len, alloc_len;
	int r;
	int fd;

	if (argc < 4) {
		fprintf(stderr, "Usage: test-shortsg (m|g) DEVICE BUFLEN [ALLOCLEN]\n");
		return 1;
	}

	switch (argv[1][0]) {
	case 'm':
		cmd = mode_sense_cmd;
		break;
	case 'g':
		cmd = get_configuration_cmd;
		break;
	default:
		fprintf(stderr, "invalid cmd selector '%c'\n", argv[1][0]);
	}

	fd = open(argv[2], O_RDONLY|O_NONBLOCK);
	if (fd < 0) {
		perror("open");
		return 1;
	}

	alloc_len = buf_len = atoi(argv[3]);

	if (argc >= 5)
		alloc_len = atoi(argv[4]);

	if (buf_len > 0xFFFE || alloc_len > 0xFFFE) {
		fprintf(stderr, "invalid buf/alloc len\n");
		return 1;
	}

	printf("buf len is %u bytes, alloc len is %u bytes\n",
	       buf_len, alloc_len);

	buffer = malloc(buf_len);
	if (!buffer) {
		perror("malloc");
		return 1;
	}

	cmd[7] = (alloc_len >> 8) & 0xff;
	cmd[8] = alloc_len & 0xff;

	printf("* CDB\n");
	print_hex(cmd, 10);

	memset(&transport, 0, sizeof(transport));
	memset(buffer, 0xdb, buf_len);
	memset(sense_data, 0, sizeof(sense_data));

	transport.interface_id = 'S';
	transport.cmdp = cmd;
	transport.cmd_len = 10;
	transport.dxferp = buffer;
	transport.dxfer_len = buf_len;
	transport.sbp = sense_data;
	transport.mx_sb_len = sizeof(sense_data);
	transport.dxfer_direction = SG_DXFER_FROM_DEV;

	r = ioctl(fd, SG_IO, &transport);

	printf("* result %d, buffer content follows\n", r);
	print_hex(buffer, buf_len);

	if ((transport.masked_status & CHECK_CONDITION) && transport.sb_len_wr) {
		printf("\n* check sense data:\n");
		print_hex(sense_data, sizeof(sense_data));
	}

	return 0;
}

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: program to test various ATAPI transfer lengths (and brasero bugs)
  2007-11-27 15:30 program to test various ATAPI transfer lengths (and brasero bugs) Tejun Heo
@ 2007-12-02 21:07 ` Daniel Drake
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel Drake @ 2007-12-02 21:07 UTC (permalink / raw)
  To: Tejun Heo; +Cc: Jeff Garzik, IDE/ATA development list, Alan Cox

Tejun Heo wrote:
> Here's the program I used to test various ATAPI transfer lengths based
> on the sample code Daniel Drake posted a while ago.  The code Daniel
> Drake posted was taken from brasero and had the following bug.
> 
> Byte 7 is high byte of alloc size not low and the whole CDB should be
> ten bytes long instead of nine.  SPC tries to trick you here by omitting
> byte 5 in Reserved field.
> 
> Daniel, care to forward this to brasero developers?

Well spotted! Thanks a lot for looking into this. I've sent a fix to the 
brasero developers.

Daniel


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2007-12-02 21:07 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-27 15:30 program to test various ATAPI transfer lengths (and brasero bugs) Tejun Heo
2007-12-02 21:07 ` Daniel Drake

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).