Commit 51c1ebb1bc2642296379a8db1ba9dfb4f78a2f80
1 parent
6eb5733a
Fix SCSI off-by-one device size.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2091 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
1 changed file
with
15 additions
and
9 deletions
hw/scsi-disk.c
| ... | ... | @@ -348,15 +348,21 @@ int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun) |
| 348 | 348 | /* The normal LEN field for this command is zero. */ |
| 349 | 349 | memset(s->buf, 0, 8); |
| 350 | 350 | bdrv_get_geometry(s->bdrv, &nb_sectors); |
| 351 | - s->buf[0] = (nb_sectors >> 24) & 0xff; | |
| 352 | - s->buf[1] = (nb_sectors >> 16) & 0xff; | |
| 353 | - s->buf[2] = (nb_sectors >> 8) & 0xff; | |
| 354 | - s->buf[3] = nb_sectors & 0xff; | |
| 355 | - s->buf[4] = 0; | |
| 356 | - s->buf[5] = 0; | |
| 357 | - s->buf[6] = s->cluster_size * 2; | |
| 358 | - s->buf[7] = 0; | |
| 359 | - s->buf_len = 8; | |
| 351 | + /* Returned value is the address of the last sector. */ | |
| 352 | + if (nb_sectors) { | |
| 353 | + nb_sectors--; | |
| 354 | + s->buf[0] = (nb_sectors >> 24) & 0xff; | |
| 355 | + s->buf[1] = (nb_sectors >> 16) & 0xff; | |
| 356 | + s->buf[2] = (nb_sectors >> 8) & 0xff; | |
| 357 | + s->buf[3] = nb_sectors & 0xff; | |
| 358 | + s->buf[4] = 0; | |
| 359 | + s->buf[5] = 0; | |
| 360 | + s->buf[6] = s->cluster_size * 2; | |
| 361 | + s->buf[7] = 0; | |
| 362 | + s->buf_len = 8; | |
| 363 | + } else { | |
| 364 | + scsi_command_complete(s, SENSE_NOT_READY); | |
| 365 | + } | |
| 360 | 366 | break; |
| 361 | 367 | case 0x08: |
| 362 | 368 | case 0x28: | ... | ... |