diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2012-05-03 15:28:05 +0200 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2012-05-07 08:44:20 +0200 |
commit | f62d0594604399e89ca8ece730a2a79110de5d77 (patch) | |
tree | e103c514832ce218de24b377584251ab6aa2d3cf /hw/scsi-bus.c | |
parent | da8365dbab51c445832137aa637bb5b990174b24 (diff) | |
download | qemu-f62d0594604399e89ca8ece730a2a79110de5d77.zip qemu-f62d0594604399e89ca8ece730a2a79110de5d77.tar.gz qemu-f62d0594604399e89ca8ece730a2a79110de5d77.tar.bz2 |
scsi: do not report bogus overruns for commands in the 0x00-0x1F range
Interpreting cdb[4] == 0 as a request to transfer 256 blocks is only
needed for READ_6 and WRITE_6. No other command in that range needs
that special-casing, and the resulting overrun breaks scsi-testsuite's
attempt to use command 2 as a known-invalid command.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi-bus.c')
-rw-r--r-- | hw/scsi-bus.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c index 08d5088..5fbf8db 100644 --- a/hw/scsi-bus.c +++ b/hw/scsi-bus.c @@ -735,10 +735,6 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) case 0: cmd->xfer = buf[4]; cmd->len = 6; - /* length 0 means 256 blocks */ - if (cmd->xfer == 0) { - cmd->xfer = 256; - } break; case 1: case 2: @@ -808,18 +804,26 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) cmd->xfer = buf[9] | (buf[8] << 8); } break; + case WRITE_6: + /* length 0 means 256 blocks */ + if (cmd->xfer == 0) { + cmd->xfer = 256; + } case WRITE_10: case WRITE_VERIFY_10: - case WRITE_6: case WRITE_12: case WRITE_VERIFY_12: case WRITE_16: case WRITE_VERIFY_16: cmd->xfer *= dev->blocksize; break; - case READ_10: case READ_6: case READ_REVERSE: + /* length 0 means 256 blocks */ + if (cmd->xfer == 0) { + cmd->xfer = 256; + } + case READ_10: case RECOVER_BUFFERED_DATA: case READ_12: case READ_16: |