mirror of
				https://github.com/qemu/qemu.git
				synced 2025-10-26 12:03:40 +00:00 
			
		
		
		
	 58d7d4c786
			
		
	
	
		58d7d4c786
		
	
	
	
	
		
			
			Without this the struct has the wrong size: sizeof() evaluates
to 16 instead of 13.  In most cases the bug is hidden by the
fact that guests submits a buffer which is exactly 13 bytes
long, so the padding added by the compiler is simply ignored.
But sometimes guests submit a larger buffer and expect a short
transfer, which does not work properly with the wrong struct
size.
Cc: vintagepc404@protonmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fixes: a917d384ac ("SCSI TCQ support.")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210906045523.1259629-1-kraxel@redhat.com>
		
	
			
		
			
				
	
	
		
			55 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			55 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * USB Mass Storage Device emulation
 | |
|  *
 | |
|  * Copyright (c) 2006 CodeSourcery.
 | |
|  * Written by Paul Brook
 | |
|  *
 | |
|  * This code is licensed under the LGPL.
 | |
|  */
 | |
| 
 | |
| #include "hw/usb.h"
 | |
| #include "hw/scsi/scsi.h"
 | |
| 
 | |
| enum USBMSDMode {
 | |
|     USB_MSDM_CBW, /* Command Block.  */
 | |
|     USB_MSDM_DATAOUT, /* Transfer data to device.  */
 | |
|     USB_MSDM_DATAIN, /* Transfer data from device.  */
 | |
|     USB_MSDM_CSW /* Command Status.  */
 | |
| };
 | |
| 
 | |
| struct QEMU_PACKED usb_msd_csw {
 | |
|     uint32_t sig;
 | |
|     uint32_t tag;
 | |
|     uint32_t residue;
 | |
|     uint8_t status;
 | |
| };
 | |
| 
 | |
| struct MSDState {
 | |
|     USBDevice dev;
 | |
|     enum USBMSDMode mode;
 | |
|     uint32_t scsi_off;
 | |
|     uint32_t scsi_len;
 | |
|     uint32_t data_len;
 | |
|     struct usb_msd_csw csw;
 | |
|     SCSIRequest *req;
 | |
|     SCSIBus bus;
 | |
|     /* For async completion.  */
 | |
|     USBPacket *packet;
 | |
|     /* usb-storage only */
 | |
|     BlockConf conf;
 | |
|     bool removable;
 | |
|     bool commandlog;
 | |
|     SCSIDevice *scsi_dev;
 | |
| };
 | |
| 
 | |
| typedef struct MSDState MSDState;
 | |
| #define TYPE_USB_STORAGE "usb-storage-dev"
 | |
| DECLARE_INSTANCE_CHECKER(MSDState, USB_STORAGE_DEV,
 | |
|                          TYPE_USB_STORAGE)
 | |
| 
 | |
| void usb_msd_transfer_data(SCSIRequest *req, uint32_t len);
 | |
| void usb_msd_command_complete(SCSIRequest *req, size_t resid);
 | |
| void usb_msd_request_cancelled(SCSIRequest *req);
 | |
| void *usb_msd_load_request(QEMUFile *f, SCSIRequest *req);
 | |
| void usb_msd_handle_reset(USBDevice *dev);
 |