qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Subject: [PULL 14/20] scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk for Macintosh
Date: Thu, 14 Jul 2022 11:02:05 +0200	[thread overview]
Message-ID: <20220714090211.304305-15-pbonzini@redhat.com> (raw)
In-Reply-To: <20220714090211.304305-1-pbonzini@redhat.com>

From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

When A/UX configures the CDROM device it sends a truncated MODE SELECT request
for page 1 (MODE_PAGE_R_W_ERROR) which is only 6 bytes in length rather than
10. This seems to be due to bug in Apple's code which calculates the CDB message
length incorrectly.

The work at [1] suggests that this truncated request is accepted on real
hardware whereas in QEMU it generates an INVALID_PARAM_LEN sense code which
causes A/UX to get stuck in a loop retrying the command in an attempt to succeed.

Alter the mode page request length check so that truncated requests are allowed
if the SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk is enabled, whilst also adding a
trace event to enable the condition to be detected.

[1] https://68kmla.org/bb/index.php?threads/scsi2sd-project-anyone-interested.29040/page-7#post-316444

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-10-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi/scsi-disk.c    | 7 ++++++-
 hw/scsi/trace-events   | 1 +
 include/hw/scsi/scsi.h | 1 +
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 9413b33bac..2b2e496ebd 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1552,7 +1552,10 @@ static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
             goto invalid_param;
         }
         if (page_len > len) {
-            goto invalid_param_len;
+            if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) {
+                goto invalid_param_len;
+            }
+            trace_scsi_disk_mode_select_page_truncated(page, page_len, len);
         }
 
         if (!change) {
@@ -3151,6 +3154,8 @@ static Property scsi_cd_properties[] = {
     DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
                     quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
                     0),
+    DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks,
+                    SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0),
     DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/scsi/trace-events b/hw/scsi/trace-events
index 03b2640934..8e927ff62d 100644
--- a/hw/scsi/trace-events
+++ b/hw/scsi/trace-events
@@ -339,6 +339,7 @@ scsi_disk_dma_command_READ(uint64_t lba, uint32_t len) "Read (sector %" PRId64 "
 scsi_disk_dma_command_WRITE(const char *cmd, uint64_t lba, int len) "Write %s(sector %" PRId64 ", count %u)"
 scsi_disk_new_request(uint32_t lun, uint32_t tag, const char *line) "Command: lun=%d tag=0x%x data=%s"
 scsi_disk_aio_sgio_command(uint32_t tag, uint8_t cmd, uint64_t lba, int len, uint32_t timeout) "disk aio sgio: tag=0x%x cmd=0x%x (sector %" PRId64 ", count %d) timeout=%u"
+scsi_disk_mode_select_page_truncated(int page, int len, int page_len) "page %d expected length %d but received length %d"
 
 # scsi-generic.c
 scsi_generic_command_complete_noio(void *req, uint32_t tag, int statuc) "Command complete %p tag=0x%x status=%d"
diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h
index 011cb84753..e284e3a4ec 100644
--- a/include/hw/scsi/scsi.h
+++ b/include/hw/scsi/scsi.h
@@ -230,5 +230,6 @@ extern const SCSIReqOps scsi_generic_req_ops;
 #define SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR             0
 #define SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD             1
 #define SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE    2
+#define SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED                3
 
 #endif
-- 
2.36.1




  parent reply	other threads:[~2022-07-14  9:26 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-14  9:01 [PULL 00/20] SCSI, build system patches for 2022-07-13 Paolo Bonzini
2022-07-14  9:01 ` [PULL 01/20] scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) Paolo Bonzini
2022-07-14  9:01 ` [PULL 02/20] cutils: Introduce bundle mechanism Paolo Bonzini
2022-07-14  9:01 ` [PULL 03/20] datadir: Use " Paolo Bonzini
2022-07-14  9:01 ` [PULL 04/20] module: " Paolo Bonzini
2022-07-14  9:01 ` [PULL 05/20] meson: Prefix each element of firmware path Paolo Bonzini
2022-07-18 12:48   ` Thomas Huth
2022-07-14  9:01 ` [PULL 06/20] scsi-disk: add new quirks bitmap to SCSIDiskState Paolo Bonzini
2022-07-14  9:01 ` [PULL 07/20] scsi-disk: add MODE_PAGE_APPLE_VENDOR quirk for Macintosh Paolo Bonzini
2022-07-14  9:01 ` [PULL 08/20] q800: implement compat_props to enable quirk_mode_page_apple_vendor for scsi-cd devices Paolo Bonzini
2022-07-14  9:02 ` [PULL 09/20] scsi-disk: add SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk for Macintosh Paolo Bonzini
2022-07-14  9:02 ` [PULL 10/20] q800: implement compat_props to enable quirk_mode_sense_rom_use_dbd for scsi-cd devices Paolo Bonzini
2022-07-14  9:02 ` [PULL 11/20] scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk for Macintosh Paolo Bonzini
2022-07-14  9:02 ` [PULL 12/20] q800: implement compat_props to enable quirk_mode_page_vendor_specific_apple for scsi devices Paolo Bonzini
2022-07-14  9:02 ` [PULL 13/20] scsi-disk: add FORMAT UNIT command Paolo Bonzini
2022-07-14  9:02 ` Paolo Bonzini [this message]
2022-07-14  9:02 ` [PULL 15/20] q800: implement compat_props to enable quirk_mode_page_truncated for scsi-cd devices Paolo Bonzini
2022-07-14  9:02 ` [PULL 16/20] scsi-disk: allow the MODE_PAGE_R_W_ERROR AWRE bit to be changeable for CDROM drives Paolo Bonzini
2022-07-14  9:02 ` [PULL 17/20] scsi-disk: allow MODE SELECT block descriptor to set the block size Paolo Bonzini
2022-07-14  9:02 ` [PULL 18/20] q800: add default vendor and product information for scsi-hd devices Paolo Bonzini
2022-07-14  9:02 ` [PULL 19/20] q800: add default vendor and product information for scsi-cd devices Paolo Bonzini
2022-07-14  9:02 ` [PULL 20/20] pc-bios/s390-ccw: add -Wno-array-bounds Paolo Bonzini
2022-07-15 10:10 ` [PULL 00/20] SCSI, build system patches for 2022-07-13 Peter Maydell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220714090211.304305-15-pbonzini@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=mark.cave-ayland@ilande.co.uk \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).