qemu/include/hw/usb/msd.h
Gerd Hoffmann 12b69878fc usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert
Add handler for fatal errors.  Moves device into error state where it
stops responding until the guest resets it.

Guest can send illegal requests where scsi command and usb packet
transfer directions are inconsistent.  Use the new usb_msd_fatal_error()
function instead of assert() in that case.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220830063827.813053-3-kraxel@redhat.com>
2022-09-27 07:32:30 +02:00

56 lines
1.3 KiB
C

/*
* USB Mass Storage Device emulation
*
* Copyright (c) 2006 CodeSourcery.
* Written by Paul Brook
*
* This code is licensed under the LGPL.
*/
#include "hw/usb.h"
#include "hw/scsi/scsi.h"
enum USBMSDMode {
USB_MSDM_CBW, /* Command Block. */
USB_MSDM_DATAOUT, /* Transfer data to device. */
USB_MSDM_DATAIN, /* Transfer data from device. */
USB_MSDM_CSW /* Command Status. */
};
struct QEMU_PACKED usb_msd_csw {
uint32_t sig;
uint32_t tag;
uint32_t residue;
uint8_t status;
};
struct MSDState {
USBDevice dev;
enum USBMSDMode mode;
uint32_t scsi_off;
uint32_t scsi_len;
uint32_t data_len;
struct usb_msd_csw csw;
SCSIRequest *req;
SCSIBus bus;
/* For async completion. */
USBPacket *packet;
/* usb-storage only */
BlockConf conf;
bool removable;
bool commandlog;
SCSIDevice *scsi_dev;
bool needs_reset;
};
typedef struct MSDState MSDState;
#define TYPE_USB_STORAGE "usb-storage-dev"
DECLARE_INSTANCE_CHECKER(MSDState, USB_STORAGE_DEV,
TYPE_USB_STORAGE)
void usb_msd_transfer_data(SCSIRequest *req, uint32_t len);
void usb_msd_command_complete(SCSIRequest *req, size_t resid);
void usb_msd_request_cancelled(SCSIRequest *req);
void *usb_msd_load_request(QEMUFile *f, SCSIRequest *req);
void usb_msd_handle_reset(USBDevice *dev);