falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

scsi-generic: fix sign extension of READ CAPACITY(10) data 

Issuing the READ CAPACITY(10) command in the guest will cause QEMU
to update its knowledge of the maximum accessible LBA in the disk.
The recorded maximum LBA will be wrong if the disk is bigger than
1TB, because ldl_be_p returns a signed int.

When this is fixed, a latent bug will be unmasked.  If the READ
CAPACITY(10) command reported an overflow (0xFFFFFFFF), we must
not overwrite the previously-known maximum accessible LBA, or the guest
will fail to access the disk above the first 2TB.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 53254e569f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This commit is contained in:
Paolo Bonzini 2013-05-21 14:08:53 +02:00 committed by Michael Roth
parent 3abd71cd98
commit 9c4f5dd03a
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hw/scsi/scsi-generic.c
View File

@ -198,9 +198,10 @@ static void scsi_read_complete(void * opaque, int ret)
scsi_command_complete(r, 0);
} else {
/* Snoop READ CAPACITY output to set the blocksize. */
if (r->req.cmd.buf[0] == READ_CAPACITY_10) {
if (r->req.cmd.buf[0] == READ_CAPACITY_10 &&
(ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) {
s->blocksize = ldl_be_p(&r->buf[4]);
s->max_lba = ldl_be_p(&r->buf[0]);
s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL;
} else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 &&
(r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
s->blocksize = ldl_be_p(&r->buf[8]);