From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:46562) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Sld8k-000462-0e for qemu-devel@nongnu.org; Mon, 02 Jul 2012 05:41:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Sld8i-0006cP-08 for qemu-devel@nongnu.org; Mon, 02 Jul 2012 05:41:53 -0400 Received: from mail-wi0-f175.google.com ([209.85.212.175]:46516) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Sld8h-0006YB-Nm for qemu-devel@nongnu.org; Mon, 02 Jul 2012 05:41:51 -0400 Received: by mail-wi0-f175.google.com with SMTP id hm2so2425777wib.10 for ; Mon, 02 Jul 2012 02:41:50 -0700 (PDT) Sender: Paolo Bonzini From: Paolo Bonzini Date: Mon, 2 Jul 2012 11:41:25 +0200 Message-Id: <1341222087-24920-13-git-send-email-pbonzini@redhat.com> In-Reply-To: <1341222087-24920-1-git-send-email-pbonzini@redhat.com> References: <1341222087-24920-1-git-send-email-pbonzini@redhat.com> Subject: [Qemu-devel] [PATCH 12/14] scsi: Ensure command and transfer lengths are set for all SCSI devices List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org scsi-generic relies on those values to be correct, so it is important that those values are initialized properly for all device types. Reported-by: Christian Hoff Reported-by: Christian Borntraeger Signed-off-by: Paolo Bonzini --- hw/scsi-bus.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 2d4429c..4ec9b52 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -734,20 +734,16 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
 switch (buf[0] >> 5) {
 case 0:
 cmd->xfer = buf[4];
- cmd->len = 6;
 break;
 case 1:
 case 2:
 cmd->xfer = lduw_be_p(&buf[7]);
- cmd->len = 10;
 break;
 case 4:
 cmd->xfer = ldl_be_p(&buf[10]) & 0xffffffffULL;
- cmd->len = 16;
 break;
 case 5:
 cmd->xfer = ldl_be_p(&buf[6]) & 0xffffffffULL;
- cmd->len = 12;
 break;
 default:
 return -1;
@@ -884,7 +880,6 @@ static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *bu
 case READ_REVERSE:
 case RECOVER_BUFFERED_DATA:
 case WRITE_6:
- cmd->len = 6;
 cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16);
 if (buf[1] & 0x01) { /* fixed */
 cmd->xfer *= dev->blocksize;
@@ -894,7 +889,6 @@ static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *bu
 case READ_REVERSE_16:
 case VERIFY_16:
 case WRITE_16:
- cmd->len = 16;
 cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16);
 if (buf[1] & 0x01) { /* fixed */
 cmd->xfer *= dev->blocksize;
@@ -902,7 +896,6 @@ static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *bu
 break;
 case REWIND:
 case LOAD_UNLOAD:
- cmd->len = 6;
 cmd->xfer = 0;
 break;
 case SPACE_16:
@@ -1000,6 +993,24 @@ int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
 {
 int rc;
 
+ switch (buf[0] >> 5) {
+ case 0:
+ cmd->len = 6;
+ break;
+ case 1:
+ case 2:
+ cmd->len = 10;
+ break;
+ case 4:
+ cmd->len = 16;
+ break;
+ case 5:
+ cmd->len = 12;
+ break;
+ default:
+ return -1;
+ }
+
 if (dev->type == TYPE_TAPE) {
 rc = scsi_req_stream_length(cmd, dev, buf);
 } else {
-- 
1.7.10.2
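Review bot: The switch added at the top of scsi_req_parse (last hunk) derives cmd->len, 6 to 16, purely from the opcode group in buf[0], yet the function receives `buf` with no length, so nothing visible here confirms the CDB buffer holds that many bytes before scsi_req_length or scsi_req_stream_length index as far as buf[14]. If the callers do not already guarantee a 16-byte buffer, that is an out-of-bounds read on what is presumably guest-supplied data, so the contract should at least be stated above the switch, e.g. `/* CDB length comes from the opcode group; buf must hold at least cmd->len bytes. */`. The `default: return -1;` branch also leaves cmd->len and cmd->xfer untouched, so a caller that keeps using cmd after a failed parse would see stale values; adding `cmd->len = 0;` before that return would make the failure state explicit. The rest of scsi_req_parse lies outside the hunk, so whether later code compensates cannot be seen from here.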