Message ID | 20210906045523.1259629-1-kraxel@redhat.com |
---|---|
State | New |
Series | usb-storage: tag usb_msd_csw as packed struct |
On 9/6/21 6:55 AM, Gerd Hoffmann wrote:
> Without this the struct has the wrong size: sizeof() evaluates
> to 16 instead of 13. In most cases the bug is hidden by the
> fact that guests submit a buffer which is exactly 13 bytes
> long, so the padding added by the compiler is simply ignored.
>
> But sometimes guests submit a larger buffer and expect a short
> transfer, which does not work properly with the wrong struct
> size.
>
> Cc: vintagepc404@protonmail.com

Fixes: a917d384ac0 ("SCSI TCQ support.")

15 years old bug, nice =)

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> include/hw/usb/msd.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/usb/msd.h b/include/hw/usb/msd.h index 7538c54569bf..54e9f38bda46 100644 --- a/include/hw/usb/msd.h +++ b/include/hw/usb/msd.h @@ -17,7 +17,7 @@ enum USBMSDMode { USB_MSDM_CSW /* Command Status. */ }; -struct usb_msd_csw { +struct QEMU_PACKED usb_msd_csw { uint32_t sig; uint32_t tag; uint32_t residue;
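
Review bot: nothing next to `struct QEMU_PACKED usb_msd_csw` pins the resulting size, so the 16-versus-13 mismatch described in the commit message could come back unnoticed if the attribute is dropped or a field is added later. Consider a compile-time check beside the definition, for example `QEMU_BUILD_BUG_ON(sizeof(struct usb_msd_csw) != 13);`, plus a one-line comment above the struct saying it is the 13-byte on-the-wire status block and must stay packed.
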
Without this the struct has the wrong size: sizeof() evaluates to 16 instead of 13. In most cases the bug is hidden by the fact that guests submit a buffer which is exactly 13 bytes long, so the padding added by the compiler is simply ignored.

But sometimes guests submit a larger buffer and expect a short transfer, which does not work properly with the wrong struct size.

Cc: vintagepc404@protonmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

---

include/hw/usb/msd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
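
The size mismatch described in the commit message, shown as an added example that is not part of the patch or of QEMU's code: the same status block with and without packing, and the transfer length each produces for a 13-byte and a larger guest buffer. The struct names, `send_status`, the 64-byte cap and the sample values are hypothetical; the one-byte `status` field is assumed from the 13-byte size the message states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pre-patch layout: the compiler pads the struct to a multiple of 4. */
struct csw_padded {
    uint32_t sig, tag, residue;
    uint8_t status; /* assumed 4th field; the hunk shows only the first three */
};

/* Post-patch layout; the GCC/Clang attribute stands in for QEMU_PACKED. */
struct __attribute__((packed)) csw_packed {
    uint32_t sig, tag, residue;
    uint8_t status;
};

/* Constructed sample status blocks (static storage, so padding is zero). */
static const struct csw_padded PADDED = { 0x53425355u, 1, 0, 0 };
static const struct csw_packed PACKED = { 0x53425355u, 1, 0, 0 };

/* Hypothetical device-side copy into a guest buffer of guest_len bytes
 * (capped at 64 here): the transfer length is the smaller of the buffer
 * and what the device believes the status block size is. */
static size_t send_status(size_t guest_len, const void *csw, size_t csw_len)
{
    uint8_t buf[64];
    if (guest_len > sizeof(buf)) guest_len = sizeof(buf);
    size_t n = csw_len < guest_len ? csw_len : guest_len;
    memcpy(buf, csw, n);
    return n;
}

size_t transfer_padded(size_t guest_len)
{
    return send_status(guest_len, &PADDED, sizeof(PADDED));
}

size_t transfer_packed(size_t guest_len)
{
    return send_status(guest_len, &PACKED, sizeof(PACKED));
}

int main(void)
{
    printf("13-byte buffer: padded %zu, packed %zu\n", transfer_padded(13), transfer_packed(13));
    printf("64-byte buffer: padded %zu, packed %zu\n", transfer_padded(64), transfer_packed(64));
    return 0;
}
```

With the exact-size buffer both layouts transfer 13 bytes, which is why the bug stayed hidden; only the larger buffer exposes the three extra padding bytes in place of the expected short transfer.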