diff options
author | balrog <balrog@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-12-07 03:12:54 +0000 |
---|---|---|
committer | balrog <balrog@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-12-07 03:12:54 +0000 |
commit | 575750581c6ea70e89a7889cb6028f234f9d2ee9 (patch) | |
tree | 3b595e29478c37bb2f527905ca0b58fc25bbd3aa /hw | |
parent | 02b373ad5dba03fda5d8b58abe30e360f1f6f0fa (diff) |
SCSI: Handle inquiry commands of varying length (Justin Chevrier).
Openserver 5.0.5 sends an Inquiry command to the emulated SCSI disk
expecting a response length of 40 bytes. Currently the response to an
Inquiry command is hardcoded to 36 bytes. When receiving a response of
length 36 instead of 40 Openserver panics.
Modifications to original patch based on feedback from Ryan Harper and Paul
Brook. Thanks guys.
Signed-off-by: Justin Chevrier <address@hidden>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5903 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'hw')
-rw-r--r-- | hw/scsi-disk.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c index f7aa6d7a43..9a0841156b 100644 --- a/hw/scsi-disk.c +++ b/hw/scsi-disk.c @@ -38,6 +38,7 @@ do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0) #define STATUS_CHECK_CONDITION 2 #define SCSI_DMA_BUF_SIZE 131072 +#define SCSI_MAX_INQUIRY_LEN 256 typedef struct SCSIRequest { SCSIDeviceState *dev; @@ -492,7 +493,11 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, "is less than 36 (TODO: only 5 required)\n", len); } } - memset(outbuf, 0, 36); + + if(len > SCSI_MAX_INQUIRY_LEN) + len = SCSI_MAX_INQUIRY_LEN; + + memset(outbuf, 0, len); if (lun || buf[1] >> 5) { outbuf[0] = 0x7f; /* LUN not supported */ @@ -510,10 +515,10 @@ static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, Some later commands are also implemented. */ outbuf[2] = 3; outbuf[3] = 2; /* Format 2 */ - outbuf[4] = 31; + outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */ /* Sync data transfer and TCQ. */ outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0); - r->buf_len = 36; + r->buf_len = len; break; case 0x16: DPRINTF("Reserve(6)\n"); |