mirror of
https://github.com/Motorhead1991/qemu.git
synced 2025-08-09 18:44:58 -06:00
scsi: Ensure command and transfer lengths are set for all SCSI devices
scsi-generic relies on those values to be correct, so it is important that those values are initialized properly for all device types. Reported-by: Christian Hoff <christian.hoff@de.ibm.com> Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Paolo Bonzini
parent
15e58a21a8
commit
28b70c9dbd
1 changed files with 18 additions and 7 deletions
|
|
@ -734,20 +734,16 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
|
||||||
switch (buf[0] >> 5) {
|
switch (buf[0] >> 5) {
|
||||||
case 0:
|
case 0:
|
||||||
cmd->xfer = buf[4];
|
cmd->xfer = buf[4];
|
||||||
cmd->len = 6;
|
|
||||||
break;
|
break;
|
||||||
case 1:
|
case 1:
|
||||||
case 2:
|
case 2:
|
||||||
cmd->xfer = lduw_be_p(&buf[7]);
|
cmd->xfer = lduw_be_p(&buf[7]);
|
||||||
cmd->len = 10;
|
|
||||||
break;
|
break;
|
||||||
case 4:
|
case 4:
|
||||||
cmd->xfer = ldl_be_p(&buf[10]) & 0xffffffffULL;
|
cmd->xfer = ldl_be_p(&buf[10]) & 0xffffffffULL;
|
||||||
cmd->len = 16;
|
|
||||||
break;
|
break;
|
||||||
case 5:
|
case 5:
|
||||||
cmd->xfer = ldl_be_p(&buf[6]) & 0xffffffffULL;
|
cmd->xfer = ldl_be_p(&buf[6]) & 0xffffffffULL;
|
||||||
cmd->len = 12;
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return -1;
|
return -1;
|
||||||
|
|
@ -884,7 +880,6 @@ static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *bu
|
||||||
case READ_REVERSE:
|
case READ_REVERSE:
|
||||||
case RECOVER_BUFFERED_DATA:
|
case RECOVER_BUFFERED_DATA:
|
||||||
case WRITE_6:
|
case WRITE_6:
|
||||||
cmd->len = 6;
|
|
||||||
cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16);
|
cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16);
|
||||||
if (buf[1] & 0x01) { /* fixed */
|
if (buf[1] & 0x01) { /* fixed */
|
||||||
cmd->xfer *= dev->blocksize;
|
cmd->xfer *= dev->blocksize;
|
||||||
|
|
@ -894,7 +889,6 @@ static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *bu
|
||||||
case READ_REVERSE_16:
|
case READ_REVERSE_16:
|
||||||
case VERIFY_16:
|
case VERIFY_16:
|
||||||
case WRITE_16:
|
case WRITE_16:
|
||||||
cmd->len = 16;
|
|
||||||
cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16);
|
cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16);
|
||||||
if (buf[1] & 0x01) { /* fixed */
|
if (buf[1] & 0x01) { /* fixed */
|
||||||
cmd->xfer *= dev->blocksize;
|
cmd->xfer *= dev->blocksize;
|
||||||
|
|
@ -902,7 +896,6 @@ static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *bu
|
||||||
break;
|
break;
|
||||||
case REWIND:
|
case REWIND:
|
||||||
case LOAD_UNLOAD:
|
case LOAD_UNLOAD:
|
||||||
cmd->len = 6;
|
|
||||||
cmd->xfer = 0;
|
cmd->xfer = 0;
|
||||||
break;
|
break;
|
||||||
case SPACE_16:
|
case SPACE_16:
|
||||||
|
|
@ -1000,6 +993,24 @@ int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
switch (buf[0] >> 5) {
|
||||||
|
case 0:
|
||||||
|
cmd->len = 6;
|
||||||
|
break;
|
||||||
|
case 1:
|
||||||
|
case 2:
|
||||||
|
cmd->len = 10;
|
||||||
|
break;
|
||||||
|
case 4:
|
||||||
|
cmd->len = 16;
|
||||||
|
break;
|
||||||
|
case 5:
|
||||||
|
cmd->len = 12;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (dev->type == TYPE_TAPE) {
|
if (dev->type == TYPE_TAPE) {
|
||||||
rc = scsi_req_stream_length(cmd, dev, buf);
|
rc = scsi_req_stream_length(cmd, dev, buf);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue