mirror of
				https://github.com/qemu/qemu.git
				synced 2025-10-26 03:33:28 +00:00 
			
		
		
		
	 12b69878fc
			
		
	
	
		12b69878fc
		
	
	
	
	
		
			
			Add handler for fatal errors. Moves device into error state where it stops responding until the guest resets it. Guest can send illegal requests where scsi command and usb packet transfer directions are inconsistent. Use the new usb_msd_fatal_error() function instead of assert() in that case. Reported-by: Qiang Liu <cyruscyliu@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Qiang Liu <cyruscyliu@gmail.com> Message-Id: <20220830063827.813053-3-kraxel@redhat.com>
		
			
				
	
	
		
			56 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			56 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * USB Mass Storage Device emulation
 | |
|  *
 | |
|  * Copyright (c) 2006 CodeSourcery.
 | |
|  * Written by Paul Brook
 | |
|  *
 | |
|  * This code is licensed under the LGPL.
 | |
|  */
 | |
| 
 | |
| #include "hw/usb.h"
 | |
| #include "hw/scsi/scsi.h"
 | |
| 
 | |
| enum USBMSDMode {
 | |
|     USB_MSDM_CBW, /* Command Block.  */
 | |
|     USB_MSDM_DATAOUT, /* Transfer data to device.  */
 | |
|     USB_MSDM_DATAIN, /* Transfer data from device.  */
 | |
|     USB_MSDM_CSW /* Command Status.  */
 | |
| };
 | |
| 
 | |
| struct QEMU_PACKED usb_msd_csw {
 | |
|     uint32_t sig;
 | |
|     uint32_t tag;
 | |
|     uint32_t residue;
 | |
|     uint8_t status;
 | |
| };
 | |
| 
 | |
| struct MSDState {
 | |
|     USBDevice dev;
 | |
|     enum USBMSDMode mode;
 | |
|     uint32_t scsi_off;
 | |
|     uint32_t scsi_len;
 | |
|     uint32_t data_len;
 | |
|     struct usb_msd_csw csw;
 | |
|     SCSIRequest *req;
 | |
|     SCSIBus bus;
 | |
|     /* For async completion.  */
 | |
|     USBPacket *packet;
 | |
|     /* usb-storage only */
 | |
|     BlockConf conf;
 | |
|     bool removable;
 | |
|     bool commandlog;
 | |
|     SCSIDevice *scsi_dev;
 | |
|     bool needs_reset;
 | |
| };
 | |
| 
 | |
| typedef struct MSDState MSDState;
 | |
| #define TYPE_USB_STORAGE "usb-storage-dev"
 | |
| DECLARE_INSTANCE_CHECKER(MSDState, USB_STORAGE_DEV,
 | |
|                          TYPE_USB_STORAGE)
 | |
| 
 | |
| void usb_msd_transfer_data(SCSIRequest *req, uint32_t len);
 | |
| void usb_msd_command_complete(SCSIRequest *req, size_t resid);
 | |
| void usb_msd_request_cancelled(SCSIRequest *req);
 | |
| void *usb_msd_load_request(QEMUFile *f, SCSIRequest *req);
 | |
| void usb_msd_handle_reset(USBDevice *dev);
 |