diff options
-rw-r--r-- | hw/scsi-disk.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c index fd5cd709a9..526da4b4fc 100644 --- a/hw/scsi-disk.c +++ b/hw/scsi-disk.c @@ -1774,6 +1774,9 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) case READ_16: len = r->req.cmd.xfer / s->qdev.blocksize; DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len); + if (r->req.cmd.buf[1] & 0xe0) { + goto illegal_request; + } if (r->req.cmd.lba > s->qdev.max_lba) { goto illegal_lba; } @@ -1794,6 +1797,9 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) DPRINTF("Write %s(sector %" PRId64 ", count %d)\n", (command & 0xe) == 0xe ? "And Verify " : "", r->req.cmd.lba, len); + if (r->req.cmd.buf[1] & 0xe0) { + goto illegal_request; + } if (r->req.cmd.lba > s->qdev.max_lba) { goto illegal_lba; } @@ -1802,6 +1808,9 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) break; default: abort(); + illegal_request: + scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); + return 0; illegal_lba: scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); return 0; |