58d7d4c786
Without this the struct has the wrong size: sizeof() evaluates
to 16 instead of 13. In most cases the bug is hidden by the
fact that guests submits a buffer which is exactly 13 bytes
long, so the padding added by the compiler is simply ignored.
But sometimes guests submit a larger buffer and expect a short
transfer, which does not work properly with the wrong struct
size.
Cc: vintagepc404@protonmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fixes: a917d384ac
("SCSI TCQ support.")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210906045523.1259629-1-kraxel@redhat.com>
55 lines
1.3 KiB
C
55 lines
1.3 KiB
C
/*
|
|
* USB Mass Storage Device emulation
|
|
*
|
|
* Copyright (c) 2006 CodeSourcery.
|
|
* Written by Paul Brook
|
|
*
|
|
* This code is licensed under the LGPL.
|
|
*/
|
|
|
|
#include "hw/usb.h"
|
|
#include "hw/scsi/scsi.h"
|
|
|
|
enum USBMSDMode {
|
|
USB_MSDM_CBW, /* Command Block. */
|
|
USB_MSDM_DATAOUT, /* Transfer data to device. */
|
|
USB_MSDM_DATAIN, /* Transfer data from device. */
|
|
USB_MSDM_CSW /* Command Status. */
|
|
};
|
|
|
|
struct QEMU_PACKED usb_msd_csw {
|
|
uint32_t sig;
|
|
uint32_t tag;
|
|
uint32_t residue;
|
|
uint8_t status;
|
|
};
|
|
|
|
struct MSDState {
|
|
USBDevice dev;
|
|
enum USBMSDMode mode;
|
|
uint32_t scsi_off;
|
|
uint32_t scsi_len;
|
|
uint32_t data_len;
|
|
struct usb_msd_csw csw;
|
|
SCSIRequest *req;
|
|
SCSIBus bus;
|
|
/* For async completion. */
|
|
USBPacket *packet;
|
|
/* usb-storage only */
|
|
BlockConf conf;
|
|
bool removable;
|
|
bool commandlog;
|
|
SCSIDevice *scsi_dev;
|
|
};
|
|
|
|
typedef struct MSDState MSDState;
|
|
#define TYPE_USB_STORAGE "usb-storage-dev"
|
|
DECLARE_INSTANCE_CHECKER(MSDState, USB_STORAGE_DEV,
|
|
TYPE_USB_STORAGE)
|
|
|
|
void usb_msd_transfer_data(SCSIRequest *req, uint32_t len);
|
|
void usb_msd_command_complete(SCSIRequest *req, size_t resid);
|
|
void usb_msd_request_cancelled(SCSIRequest *req);
|
|
void *usb_msd_load_request(QEMUFile *f, SCSIRequest *req);
|
|
void usb_msd_handle_reset(USBDevice *dev);
|