aboutsummaryrefslogtreecommitdiff
path: root/include/hw/scsi
AgeCommit message (Collapse)Author
2014-06-25scsi: Change scsi sense buf size to 252Fam Zheng
Current buffer size fails the assersion check in like hw/scsi/scsi-bus.c:1655: assert(req->sense_len <= sizeof(req->sense)); when backend (block/iscsi.c) returns more data then 96. Exercise the core dump path by booting an Gentoo ISO with scsi-generic device backed with iscsi (built with libiscsi 1.7.0): x86_64-softmmu/qemu-system-x86_64 \ -drive file=iscsi://localhost:3260/iqn.foobar/0,if=none,id=drive-disk \ -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 \ -device scsi-generic,drive=drive-disk,bus=scsi1.0,id=iscsi-disk \ -boot d \ -cdrom gentoo.iso qemu-system-x86_64: hw/scsi/scsi-bus.c:1655: scsi_req_complete: Assertion `req->sense_len <= sizeof(req->sense)' failed. According to SPC-4, section 4.5.2.1, 252 is the limit of sense data. So increase the value to fix it. Also remove duplicated define for the macro. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit c5f52875b980e54e6bebad6121c76863356e1d7f) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2013-10-09scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]Asias He
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at most. If more than 256 luns are specified by user, we have buffer overflow in scsi_target_emulate_report_luns. To fix, we allocate the buffer dynamically. Signed-off-by: Asias He <asias@redhat.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-08-30scsi: Pass size to scsi_bus_new()Andreas Färber
To be passed to qbus_create_inplace(). Use DEVICE() casts instead of direct parent field access. Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-23scsi: Improve error propagation for scsi_bus_legacy_handle_cmdline()Andreas Färber
Let scsi_bus_legacy_add_drive() and scsi_bus_legacy_handle_cmdline() return an Error**. Prepare qdev initfns for QOM realize error model. Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-05-03scsi: add bus_name parameter to scsi_bus_new.KONRAD Frederic
This adds the possibility to create a scsi-bus with a specified name. Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com> Message-id: 1367330931-12994-4-git-send-email-fred.konrad@greensocs.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-08hw: move headers to include/Paolo Bonzini
Many of these should be cleaned up with proper qdev-/QOM-ification. Right now there are many catch-all headers in include/hw/ARCH depending on cpu.h, and this makes it necessary to compile these files per-target. However, fixing this does not belong in these patches. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
generated by cgit v1.2.3 (git 2.26.2) at 2025-03-15 05:32:13 +0000