SCSI: Handle inquiry commands of varying length (Justin Chevrier).

Openserver 5.0.5 sends an Inquiry command to the emulated SCSI disk expecting a response length of 40 bytes. Currently the response to an Inquiry command is hardcoded to 36 bytes. When receiving a response of length 36 instead of 40 Openserver panics. Modifications to original patch based on feedback from Ryan Harper and Paul Brook. Thanks guys. Signed-off-by: Justin Chevrier <address@hidden> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5903 c046a42c-6fe2-441c-8c8c-71466251a162

SCSI: Handle inquiry commands of varying length (Justin Chevrier).
Openserver 5.0.5 sends an Inquiry command to the emulated SCSI disk expecting a response length of 40 bytes. Currently the response to an Inquiry command is hardcoded to 36 bytes. When receiving a response of length 36 instead of 40 Openserver panics. Modifications to original patch based on feedback from Ryan Harper and Paul Brook. Thanks guys. Signed-off-by: Justin Chevrier <address@hidden> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5903 c046a42c-6fe2-441c-8c8c-71466251a162
balrog
1 parent 02b373ad
Showing 1 changed file with 8 additions and 3 deletions
hw/scsi-disk.c
@@ -38,6 +38,7 @@ do { fprintf(stderr, &quot;scsi-disk: &quot; fmt , ##args); } while (0)
 #define STATUS_CHECK_CONDITION 2
  
 #define SCSI_DMA_BUF_SIZE    131072
+#define SCSI_MAX_INQUIRY_LEN 256
  
 typedef struct SCSIRequest {
     SCSIDeviceState *dev;
@@ -492,7 +493,11 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
                      "is less than 36 (TODO: only 5 required)\n", len);
             }
         }
-	memset(outbuf, 0, 36);
+
+        if(len > SCSI_MAX_INQUIRY_LEN)
+            len = SCSI_MAX_INQUIRY_LEN;
+
+        memset(outbuf, 0, len);
  
         if (lun || buf[1] >> 5) {
             outbuf[0] = 0x7f;	/* LUN not supported */
@@ -510,10 +515,10 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
            Some later commands are also implemented. */
 	outbuf[2] = 3;
 	outbuf[3] = 2; /* Format 2 */
-	outbuf[4] = 31;
+	outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
         /* Sync data transfer and TCQ.  */
         outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
-	r->buf_len = 36;
+	r->buf_len = len;
 	break;
     case 0x16:
         DPRINTF("Reserve(6)\n");