summaryrefslogtreecommitdiffstats
path: root/hw/usb/dev-storage.c
diff options
context:
space:
mode:
Diffstat (limited to 'hw/usb/dev-storage.c')
-rw-r--r--hw/usb/dev-storage.c56
1 files changed, 43 insertions, 13 deletions
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 98639696e6..e3bcffb3e0 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -177,6 +177,37 @@ static const USBDesc desc = {
.str = desc_strings,
};
+static void usb_msd_packet_complete(MSDState *s)
+{
+ USBPacket *p = s->packet;
+
+ /*
+ * Set s->packet to NULL before calling usb_packet_complete
+ * because another request may be issued before
+ * usb_packet_complete returns.
+ */
+ trace_usb_msd_packet_complete();
+ s->packet = NULL;
+ usb_packet_complete(&s->dev, p);
+}
+
+static void usb_msd_fatal_error(MSDState *s)
+{
+ trace_usb_msd_fatal_error();
+
+ if (s->packet) {
+ s->packet->status = USB_RET_STALL;
+ usb_msd_packet_complete(s);
+ }
+
+ /*
+ * Guest messed up up device state with illegal requests. Go
+ * ignore any requests until the guests resets the device (and
+ * brings it into a known state that way).
+ */
+ s->needs_reset = true;
+}
+
static void usb_msd_copy_data(MSDState *s, USBPacket *p)
{
uint32_t len;
@@ -208,24 +239,16 @@ static void usb_msd_send_status(MSDState *s, USBPacket *p)
memset(&s->csw, 0, sizeof(s->csw));
}
-static void usb_msd_packet_complete(MSDState *s)
-{
- USBPacket *p = s->packet;
-
- /* Set s->packet to NULL before calling usb_packet_complete
- because another request may be issued before
- usb_packet_complete returns. */
- trace_usb_msd_packet_complete();
- s->packet = NULL;
- usb_packet_complete(&s->dev, p);
-}
-
void usb_msd_transfer_data(SCSIRequest *req, uint32_t len)
{
MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
USBPacket *p = s->packet;
- assert((s->mode == USB_MSDM_DATAOUT) == (req->cmd.mode == SCSI_XFER_TO_DEV));
+ if ((s->mode == USB_MSDM_DATAOUT) != (req->cmd.mode == SCSI_XFER_TO_DEV)) {
+ usb_msd_fatal_error(s);
+ return;
+ }
+
s->scsi_len = len;
s->scsi_off = 0;
if (p) {
@@ -315,6 +338,8 @@ void usb_msd_handle_reset(USBDevice *dev)
memset(&s->csw, 0, sizeof(s->csw));
s->mode = USB_MSDM_CBW;
+
+ s->needs_reset = false;
}
static void usb_msd_handle_control(USBDevice *dev, USBPacket *p,
@@ -380,6 +405,11 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
SCSIDevice *scsi_dev;
uint32_t len;
+ if (s->needs_reset) {
+ p->status = USB_RET_STALL;
+ return;
+ }
+
switch (p->pid) {
case USB_TOKEN_OUT:
if (devep != 2)
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2025-04-29 04:40:23 +0200