From patchwork Fri Jul 22 14:51:17 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hannes Reinecke <hare@suse.de>
X-Patchwork-Id: 999742
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p6MEq0lI009590
	for <patchwork-kvm@patchwork.kernel.org>;
	Fri, 22 Jul 2011 14:52:01 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754705Ab1GVOvq (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Fri, 22 Jul 2011 10:51:46 -0400
Received: from cantor2.suse.de ([195.135.220.15]:44180 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754669Ab1GVOvp (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 22 Jul 2011 10:51:45 -0400
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.221.2])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx2.suse.de (Postfix) with ESMTP id 798C28B013;
	Fri, 22 Jul 2011 16:51:44 +0200 (CEST)
From: Hannes Reinecke <hare@suse.de>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Markus Armbruster <armbru@redhat.com>,
	kvm@vger.kernel.org, Alexander Graf <agraf@suse.de>,
	Hannes Reinecke <hare@suse.de>
Subject: [PATCH 6/6] scsi-disk: Check for supported commands
Date: Fri, 22 Jul 2011 16:51:17 +0200
Message-Id: <1311346277-32329-7-git-send-email-hare@suse.de>
X-Mailer: git-send-email 1.7.3.4
In-Reply-To: <1311346277-32329-1-git-send-email-hare@suse.de>
References: <1311346277-32329-1-git-send-email-hare@suse.de>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]);
	Fri, 22 Jul 2011 14:52:01 +0000 (UTC)

Not every command is support for any device type. This patch adds
a check for rejecting unsupported commands.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 hw/scsi-disk.c |  104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 103 insertions(+), 1 deletions(-)

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index ae2c157..8ad90c0 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -361,13 +361,107 @@ static int scsi_get_sense(SCSIRequest *req, uint8_t *outbuf, int len)
     return scsi_build_sense(s->sense, outbuf, len, len > 14);
 }
 
+#define GENERIC_CMD (uint32_t)0xFFFFFFFF
+#define DISK_CMD (1u << TYPE_DISK)
+#define TAPE_CMD (1u << TYPE_TAPE)
+#define PRINTER_CMD (1u << TYPE_PRINTER)
+#define PROCESSOR_CMD (1u << TYPE_PROCESSOR)
+#define WORM_CMD (1u << TYPE_WORM)
+#define ROM_CMD (1u << TYPE_ROM)
+#define SCANNER_CMD (1u << TYPE_SCANNER)
+#define MOD_CMD (1u << TYPE_MOD)
+#define MEDIUM_CHANGER_CMD (1u << TYPE_MEDIUM_CHANGER)
+#define ARRAY_CMD (1u << TYPE_STORAGE_ARRAY)
+#define ENCLOSURE_CMD (1u << TYPE_ENCLOSURE)
+#define RBC_CMD (1u << TYPE_RBC)
+#define OSD_CMD (1u << TYPE_OSD)
+
+#define NO_ROM_CMD (GENERIC_CMD | ~ROM_CMD)
+
+uint32_t scsi_cmd_table[0x100] = {
+    [TEST_UNIT_READY]           = GENERIC_CMD,
+    [REWIND]                    = TAPE_CMD,
+    [REQUEST_SENSE]             = GENERIC_CMD,
+    [FORMAT_UNIT]               = DISK_CMD|ROM_CMD,
+    [READ_BLOCK_LIMITS]         = TAPE_CMD,
+    [REASSIGN_BLOCKS]           = DISK_CMD|WORM_CMD|MOD_CMD,
+    [READ_6]                    = DISK_CMD|TAPE_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [WRITE_6]                   = DISK_CMD|TAPE_CMD|WORM_CMD|MOD_CMD,
+    [READ_REVERSE]              = TAPE_CMD,
+    [WRITE_FILEMARKS]           = TAPE_CMD,
+    [SPACE]                     = TAPE_CMD,
+    [INQUIRY]                   = GENERIC_CMD,
+    [MODE_SELECT]               = GENERIC_CMD,
+    [RESERVE]                   = TAPE_CMD|PRINTER_CMD,
+    [RELEASE]                   = TAPE_CMD|PRINTER_CMD,
+    [ERASE]                     = TAPE_CMD,
+    [MODE_SENSE]                = GENERIC_CMD,
+    [START_STOP]                = GENERIC_CMD,
+    [RECEIVE_DIAGNOSTIC]        = GENERIC_CMD,
+    [SEND_DIAGNOSTIC]           = GENERIC_CMD,
+    [ALLOW_MEDIUM_REMOVAL]      = GENERIC_CMD,
+    [READ_CAPACITY_10]          = DISK_CMD|WORM_CMD|MOD_CMD,
+    [READ_10]                   = DISK_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [WRITE_10]                  = DISK_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [SEEK_10]                   = TAPE_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [WRITE_VERIFY_10]           = DISK_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [VERIFY_10]                 = DISK_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [READ_POSITION]             = TAPE_CMD,
+    [SYNCHRONIZE_CACHE]         = DISK_CMD|WORM_CMD|ROM_CMD|MOD_CMD|RBC_CMD,
+    [WRITE_BUFFER]              = GENERIC_CMD,
+    [READ_BUFFER]               = GENERIC_CMD,
+    [READ_LONG_10]              = DISK_CMD|WORM_CMD|MOD_CMD,
+    [WRITE_LONG_10]             = DISK_CMD|WORM_CMD|MOD_CMD,
+    [WRITE_SAME_10]             = DISK_CMD,
+    [UNMAP]                     = DISK_CMD,
+    [READ_TOC]                  = ROM_CMD,
+    [REPORT_DENSITY_SUPPORT]    = TAPE_CMD,
+    [GET_CONFIGURATION]         = ROM_CMD,
+    [LOG_SELECT]                = GENERIC_CMD,
+    [LOG_SENSE]                 = GENERIC_CMD,
+    [MODE_SELECT_10]            = GENERIC_CMD,
+    [RESERVE_10]                = PRINTER_CMD,
+    [RELEASE_10]                = PRINTER_CMD,
+    [MODE_SENSE_10]             = GENERIC_CMD,
+    [PERSISTENT_RESERVE_IN]     = GENERIC_CMD,
+    [PERSISTENT_RESERVE_OUT]    = GENERIC_CMD,
+    [VARLENGTH_CDB]             = OSD_CMD,
+    [WRITE_FILEMARKS_16]        = TAPE_CMD,
+    [ATA_PASSTHROUGH]           = DISK_CMD|ROM_CMD|RBC_CMD,
+    [READ_16]                   = DISK_CMD|TAPE_CMD|WORM_CMD|MOD_CMD|RBC_CMD,
+    [WRITE_16]                  = DISK_CMD|TAPE_CMD|WORM_CMD|MOD_CMD|RBC_CMD,
+    [WRITE_VERIFY_16]           = DISK_CMD|WORM_CMD|MOD_CMD|RBC_CMD,
+    [SYNCHRONIZE_CACHE_16]      = DISK_CMD|TAPE_CMD|WORM_CMD|MOD_CMD|RBC_CMD,
+    [LOCATE_16]                 = TAPE_CMD,
+    [WRITE_SAME_16]             = DISK_CMD|TAPE_CMD,
+    [SERVICE_ACTION_IN]         = GENERIC_CMD,
+    [REPORT_LUNS]               = NO_ROM_CMD,
+    [BLANK]                     = ROM_CMD,
+    [MAINTENANCE_IN]            = NO_ROM_CMD,
+    [MAINTENANCE_OUT]           = NO_ROM_CMD,
+    [MOVE_MEDIUM]               = MEDIUM_CHANGER_CMD,
+    [LOAD_UNLOAD]               = ROM_CMD|MEDIUM_CHANGER_CMD,
+    [READ_12]                   = DISK_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [WRITE_12]                  = DISK_CMD|WORM_CMD|ROM_CMD|MOD_CMD,
+    [WRITE_VERIFY_12]           = DISK_CMD|WORM_CMD|MOD_CMD,
+    [VERIFY_12]                 = DISK_CMD|WORM_CMD|MOD_CMD,
+    [READ_ELEMENT_STATUS]       = WORM_CMD|MOD_CMD,
+    [SET_CD_SPEED]              = ROM_CMD
+};
+
+static bool scsi_command_supported(uint8_t scsi_type, uint8_t cmd)
+{
+    uint32_t mask = (1u << scsi_type);
+    return scsi_cmd_table[cmd] & mask;
+}
+
 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
 {
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
     int buflen = 0;
 
     if (req->cmd.buf[1] & 0x2) {
-        /* Command support data - optional, not implemented */
+        /* Command support data - obsolete */
         BADF("optional INQUIRY command support request not implemented\n");
         return -1;
     }
@@ -1032,6 +1126,14 @@ static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
             return 0;
         }
     }
+    if (!scsi_command_supported(command, s->qdev.type)) {
+        DPRINTF("Command %02x not supported for type %02x\n",
+                command, s->qdev.type);
+        scsi_command_complete(r, CHECK_CONDITION,
+                              SENSE_CODE(INVALID_OPCODE));
+        return 0;
+    }
+
     switch (command) {
     case TEST_UNIT_READY:
     case REQUEST_SENSE: