From d755cb9696e8aa16e850ac5f0b908015520cd395 Mon Sep 17 00:00:00 2001
From: Philippe Mathieu-Daudé
Date: Wed, 20 Jan 2021 16:35:22 +0100
Subject: hw/usb/dev-uas: Report command additional adb length as unsupported
We are not ready to handle additional CDB data. If a guest sends a packet with such additional data, report the command parameter as not supported. Specify a size (of 1 byte) for the add_cdb member we are not using, to fix the following warning: usb/dev-uas.c:157:31: error: field 'status' with variable sized type 'uas_iu' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] uas_iu status; ^
Reported-by: Ed Maste
Reported-by: Daniele Buono
Reported-by: Han Han
Reviewed-by: Eric Blake
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20210120153522.1173897-4-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann
---
 hw/usb/dev-uas.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'hw/usb')
diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
index cec071d96c..a51402bc0b 100644
--- a/hw/usb/dev-uas.c
+++ b/hw/usb/dev-uas.c
@@ -16,6 +16,7 @@
 #include "qemu/error-report.h"
 #include "qemu/main-loop.h"
 #include "qemu/module.h"
+#include "qemu/log.h"
 #include "hw/usb.h"
 #include "migration/vmstate.h"
@@ -70,7 +71,7 @@ typedef struct {
 uint8_t reserved_2;
 uint64_t lun;
 uint8_t cdb[16];
- uint8_t add_cdb[];
+ uint8_t add_cdb[1]; /* not supported by QEMU */
 } QEMU_PACKED uas_iu_command;
 typedef struct {
@@ -700,6 +701,11 @@ static void usb_uas_command(UASDevice *uas, uas_iu *iu)
 uint32_t len;
 uint16_t tag = be16_to_cpu(iu->hdr.tag);
+ if (iu->command.add_cdb_length > 0) {
+ qemu_log_mask(LOG_UNIMP, "additional adb length not yet supported\n");
+ goto unsupported_len;
+ }
+
 if (uas_using_streams(uas) && tag > UAS_MAX_STREAMS) {
 goto invalid_tag;
 }
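Review bot: In the `@@ -70,7 +71,7 @@` hunk, replacing the flexible array with `add_cdb[1]` makes the placeholder byte part of `sizeof(uas_iu_command)` and of every struct or union that embeds it, so any copy length or bounds check derived from those sizes now covers one more byte of guest-supplied data. None of those call sites are visible in this diff, so they should be re-checked before relying on the new size. The comment `/* not supported by QEMU */` also does not say what keeps the byte from being read; `/* placeholder only: commands with add_cdb_length != 0 are rejected in usb_uas_command() */` would tie the field to the guard added in the `-700,6` hunk. The struct definition begins above this hunk.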
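Review bot: In the `@@ -700,6 +701,11 @@` hunk the LOG_UNIMP text reads "additional adb length" although the field tested is `add_cdb_length` and the commit message talks about additional CDB data, and it records neither the value nor the tag, which makes a guest that keeps sending such commands hard to pick out of the log. I would write `qemu_log_mask(LOG_UNIMP, "usb-uas: additional CDB length %d not supported (tag %d)\n", iu->command.add_cdb_length, tag);`. The guard also sits before the `tag > UAS_MAX_STREAMS` check, so the `unsupported_len` path added in the `-735,6` hunk queues its sense reply with a tag that has not been range-checked; the existing `invalid_tag` path passes the same unchecked tag, so as far as this diff shows the difference is only which error is reported first, and moving the guard below the tag checks would keep INVALID_TAG as the first answer. usb_uas_command begins above this hunk and continues past it.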
@@ -735,6 +741,10 @@ static void usb_uas_command(UASDevice *uas, uas_iu *iu)
 }
 return;
+unsupported_len:
+ usb_uas_queue_fake_sense(uas, tag, sense_code_INVALID_PARAM_VALUE);
+ return;
+
 invalid_tag:
 usb_uas_queue_fake_sense(uas, tag, sense_code_INVALID_TAG);
 return;
-- cgit v1.2.3-55-g7522