authorPaolo Bonzini <pbonzini@redhat.com>2012-05-03 15:28:05 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2012-05-07 08:44:20 +0200
commitf62d0594604399e89ca8ece730a2a79110de5d77 (patch)
treee103c514832ce218de24b377584251ab6aa2d3cf /hw/scsi-bus.c
parentda8365dbab51c445832137aa637bb5b990174b24 (diff)
scsi: do not report bogus overruns for commands in the 0x00-0x1F range
Interpreting cdb[4] == 0 as a request to transfer 256 blocks is only needed for READ_6 and WRITE_6. No other command in that range needs that special-casing, and the resulting overrun breaks scsi-testsuite's attempt to use command 2 as a known-invalid command. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi-bus.c')
-rw-r--r--hw/scsi-bus.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 08d5088..5fbf8db 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -735,10 +735,6 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
case 0:
cmd->xfer = buf[4];
cmd->len = 6;
- /* length 0 means 256 blocks */
- if (cmd->xfer == 0) {
- cmd->xfer = 256;
- }
break;
case 1:
case 2:
@@ -808,18 +804,26 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
cmd->xfer = buf[9] | (buf[8] << 8);
}
break;
+ case WRITE_6:
+ /* length 0 means 256 blocks */
+ if (cmd->xfer == 0) {
+ cmd->xfer = 256;
+ }
case WRITE_10:
case WRITE_VERIFY_10:
- case WRITE_6:
case WRITE_12:
case WRITE_VERIFY_12:
case WRITE_16:
case WRITE_VERIFY_16:
cmd->xfer *= dev->blocksize;
break;
- case READ_10:
case READ_6:
case READ_REVERSE:
+ /* length 0 means 256 blocks */
+ if (cmd->xfer == 0) {
+ cmd->xfer = 256;
+ }
+ case READ_10:
case RECOVER_BUFFERED_DATA:
case READ_12:
case READ_16:
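Review bot: The zero-means-256 substitution added under `case READ_6:` / `case READ_REVERSE:` also covers READ_REVERSE, while the commit message says the special case is only needed for READ_6 and WRITE_6. If READ_REVERSE is not meant to keep it, `case READ_REVERSE:` should move below the new block, next to `case READ_10:`. Both new blocks (after `case WRITE_6:` and after `case READ_REVERSE:`) then run into the following case labels with no `break`, so a `/* fall through */` comment after each closing brace would show that this is deliberate. Because `cmd->xfer` is taken from the guest-supplied CDB and, per the commit message, a wrong value surfaces as an overrun, a test sending a zero length byte for each of the three opcodes would pin the intended behaviour. The switch in scsi_req_length continues past the end of this hunk, so the body shared by the read cases is not visible here.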