Commit 575750581c6ea70e89a7889cb6028f234f9d2ee9
1 parent
02b373ad
SCSI: Handle inquiry commands of varying length (Justin Chevrier).
Openserver 5.0.5 sends an Inquiry command to the emulated SCSI disk expecting a response length of 40 bytes. Currently the response to an Inquiry command is hardcoded to 36 bytes. When receiving a response of length 36 instead of 40 Openserver panics. Modifications to original patch based on feedback from Ryan Harper and Paul Brook. Thanks guys. Signed-off-by: Justin Chevrier <address@hidden> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5903 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
1 changed file
with
8 additions
and
3 deletions
hw/scsi-disk.c
@@ -38,6 +38,7 @@ do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0) | @@ -38,6 +38,7 @@ do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0) | ||
38 | #define STATUS_CHECK_CONDITION 2 | 38 | #define STATUS_CHECK_CONDITION 2 |
39 | 39 | ||
40 | #define SCSI_DMA_BUF_SIZE 131072 | 40 | #define SCSI_DMA_BUF_SIZE 131072 |
41 | +#define SCSI_MAX_INQUIRY_LEN 256 | ||
41 | 42 | ||
42 | typedef struct SCSIRequest { | 43 | typedef struct SCSIRequest { |
43 | SCSIDeviceState *dev; | 44 | SCSIDeviceState *dev; |
@@ -492,7 +493,11 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, | @@ -492,7 +493,11 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, | ||
492 | "is less than 36 (TODO: only 5 required)\n", len); | 493 | "is less than 36 (TODO: only 5 required)\n", len); |
493 | } | 494 | } |
494 | } | 495 | } |
495 | - memset(outbuf, 0, 36); | 496 | + |
497 | + if(len > SCSI_MAX_INQUIRY_LEN) | ||
498 | + len = SCSI_MAX_INQUIRY_LEN; | ||
499 | + | ||
500 | + memset(outbuf, 0, len); | ||
496 | 501 | ||
497 | if (lun || buf[1] >> 5) { | 502 | if (lun || buf[1] >> 5) { |
498 | outbuf[0] = 0x7f; /* LUN not supported */ | 503 | outbuf[0] = 0x7f; /* LUN not supported */ |
@@ -510,10 +515,10 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, | @@ -510,10 +515,10 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, | ||
510 | Some later commands are also implemented. */ | 515 | Some later commands are also implemented. */ |
511 | outbuf[2] = 3; | 516 | outbuf[2] = 3; |
512 | outbuf[3] = 2; /* Format 2 */ | 517 | outbuf[3] = 2; /* Format 2 */ |
513 | - outbuf[4] = 31; | 518 | + outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */ |
514 | /* Sync data transfer and TCQ. */ | 519 | /* Sync data transfer and TCQ. */ |
515 | outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0); | 520 | outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0); |
516 | - r->buf_len = 36; | 521 | + r->buf_len = len; |
517 | break; | 522 | break; |
518 | case 0x16: | 523 | case 0x16: |
519 | DPRINTF("Reserve(6)\n"); | 524 | DPRINTF("Reserve(6)\n"); |