From: Peter Dinda
Date: Sun, 2 Aug 2015 23:26:54 +0000 (-0500)
Subject: IDE/ATAPI bug fix - allow sense and other requests to read past
X-Git-Url: http://v3vee.org/palacios/gitweb/gitweb.cgi?p=palacios.git;a=commitdiff_plain;h=366a20deaf086107d75a2004fec076db4705e7c2
IDE/ATAPI bug fix - allow sense and other requests to read past end of transfer length as long as not past the end of the IDE buffer This is technically correct, and common for modern atapi drivers talking to old drives
---
diff --git a/palacios/src/devices/atapi.h b/palacios/src/devices/atapi.h
index 0cc9f26..fe29a2d 100644
--- a/palacios/src/devices/atapi.h
+++ b/palacios/src/devices/atapi.h
@@ -239,9 +239,11 @@ static int atapi_read10(struct guest_info * core, static void atapi_req_sense(struct ide_internal * ide, struct ide_channel * channel) { struct ide_drive * drive = get_selected_drive(channel); + drive->cd_state.sense.read_len=0xa; + memcpy(drive->data_buf, drive->cd_state.sense.buf, sizeof(drive->cd_state.sense.buf)); - atapi_setup_cmd_resp(ide, channel, 18); + atapi_setup_cmd_resp(ide, channel, sizeof(drive->cd_state.sense.buf)); }
diff --git a/palacios/src/devices/ide.c b/palacios/src/devices/ide.c
index bf842e9..e9a0dd1 100644
--- a/palacios/src/devices/ide.c
+++ b/palacios/src/devices/ide.c
@@ -1082,7 +1082,7 @@ static int read_hd_data(uint8_t * dst, uint64_t length, struct ide_internal * id
 drive->transfer_index, drive->transfer_length, drive->hd_state.cur_sector_num);
- if (drive->transfer_index >= drive->transfer_length) {
+ if (drive->transfer_index >= drive->transfer_length && drive->transfer_index>=DATA_BUFFER_SIZE) {
 PrintError(VM_NONE, VCORE_NONE, "Buffer overrun... (xfer_len=%llu) (cur_idx=%llu) (post_idx=%llu)\n", drive->transfer_length, drive->transfer_index, drive->transfer_index + length);
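Review bot: The added `drive->cd_state.sense.read_len=0xa;` in atapi_req_sense hard-codes a length that only fits an 18-byte sense block, while the same hunk replaces the literal 18 with `sizeof(drive->cd_state.sense.buf)`. If read_len is the count of bytes following that field (the struct is not shown here, so this is inferred), the two values can drift apart should the sense buffer ever change size. I would add a comment on that line, for example `/* additional sense length: bytes after this field in the 18-byte sense block */`, or derive the value from the buffer size so the relationship is explicit.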
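Review bot: The relaxed guard in read_hd_data tests only the starting offset, so a read whose `transfer_index` is just below `DATA_BUFFER_SIZE` passes even when `transfer_index + length` (the post_idx the error message already prints) lies beyond it; the identical condition is added to read_cd_data in the hunk at -1224. Bounding the end of the access instead, `if (drive->transfer_index >= drive->transfer_length && drive->transfer_index + length > DATA_BUFFER_SIZE) {`, would keep the new allowance inside the buffer. The copy out of the drive buffer is outside both hunks, so whether the current form can actually read past the IDE buffer has to be checked there. The commit message motivates the change for ATAPI sense requests only, yet the hard-disk path is loosened as well, and bytes past transfer_length are whatever the buffer last held, so it is worth confirming that returning stale contents to the guest is acceptable.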
@@ -1224,7 +1224,7 @@ static int read_cd_data(uint8_t * dst, uint64_t length, struct ide_internal * id
- if (drive->transfer_index >= drive->transfer_length) {
+ if (drive->transfer_index >= drive->transfer_length && drive->transfer_index>=DATA_BUFFER_SIZE) {
 PrintError(VM_NONE, VCORE_NONE, "Buffer Overrun... (xfer_len=%llu) (cur_idx=%llu) (post_idx=%llu)\n", drive->transfer_length, drive->transfer_index, drive->transfer_index + length);