@@ -66,7 +66,6 @@ struct SCSIDiskState
{
SCSIDevice qdev;
uint32_t removable;
- uint64_t max_lba;
bool media_changed;
bool media_event;
QEMUBH *bh;
@@ -1172,7 +1171,7 @@ static int scsi_disk_emulate_command(SCSIDiskReq *r)
/* Returned value is the address of the last sector. */
nb_sectors--;
/* Remember the new size for read/write sanity checking. */
- s->max_lba = nb_sectors;
+ s->qdev.max_lba = nb_sectors;
/* Clip to 2TB, instead of returning capacity modulo 2TB. */
if (nb_sectors > UINT32_MAX)
nb_sectors = UINT32_MAX;
@@ -1222,7 +1221,7 @@ static int scsi_disk_emulate_command(SCSIDiskReq *r)
/* Returned value is the address of the last sector. */
nb_sectors--;
/* Remember the new size for read/write sanity checking. */
- s->max_lba = nb_sectors;
+ s->qdev.max_lba = nb_sectors;
outbuf[0] = (nb_sectors >> 56) & 0xff;
outbuf[1] = (nb_sectors >> 48) & 0xff;
outbuf[2] = (nb_sectors >> 40) & 0xff;
@@ -1339,7 +1338,7 @@ static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
case READ_16:
len = r->req.cmd.xfer / s->qdev.blocksize;
DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
- if (r->req.cmd.lba > s->max_lba)
+ if (r->req.cmd.lba > s->qdev.max_lba)
goto illegal_lba;
r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
r->sector_count = len * (s->qdev.blocksize / 512);
@@ -1355,7 +1354,7 @@ static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
(command & 0xe) == 0xe ? "And Verify " : "",
r->req.cmd.lba, len);
- if (r->req.cmd.lba > s->max_lba)
+ if (r->req.cmd.lba > s->qdev.max_lba)
goto illegal_lba;
r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
r->sector_count = len * (s->qdev.blocksize / 512);
@@ -1380,7 +1379,7 @@ static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
case SEEK_10:
DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
r->req.cmd.lba);
- if (r->req.cmd.lba > s->max_lba) {
+ if (r->req.cmd.lba > s->qdev.max_lba) {
goto illegal_lba;
}
break;
@@ -1390,7 +1389,7 @@ static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
r->req.cmd.lba, len);
- if (r->req.cmd.lba > s->max_lba) {
+ if (r->req.cmd.lba > s->qdev.max_lba) {
goto illegal_lba;
}
@@ -1449,7 +1448,7 @@ static void scsi_disk_reset(DeviceState *dev)
if (nb_sectors) {
nb_sectors--;
}
- s->max_lba = nb_sectors;
+ s->qdev.max_lba = nb_sectors;
}
}
@@ -174,9 +174,11 @@ static void scsi_read_complete(void * opaque, int ret)
/* Snoop READ CAPACITY output to set the blocksize. */
if (r->req.cmd.buf[0] == READ_CAPACITY_10) {
s->blocksize = ldl_be_p(&r->buf[4]);
+ s->max_lba = ldl_be_p(&r->buf[0]);
} else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 &&
(r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
s->blocksize = ldl_be_p(&r->buf[8]);
+ s->max_lba = ldq_be_p(&r->buf[0]);
}
bdrv_set_buffer_alignment(s->conf.bs, s->blocksize);
@@ -70,6 +70,7 @@ struct SCSIDevice
uint32_t lun;
int blocksize;
int type;
+ uint64_t max_lba;
};
/* cdrom.c */
The field was only in scsi-disk until now. Moving it up to SCSIDevice will make it easier to reuse the scsi-generic reqops elsewhere. In the future, range checking of LBA arguments might also be pushed up to SCSIDevice. At the same time, make scsi-generic get max_lba from the guest's READ CAPACITY commands, as well. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- hw/scsi-disk.c | 15 +++++++-------- hw/scsi-generic.c | 2 ++ hw/scsi.h | 1 + 3 files changed, 10 insertions(+), 8 deletions(-)