diff options
author | Asias He <asias@redhat.com> | 2013-09-13 14:56:55 +0800 |
---|---|---|
committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2013-10-04 10:18:56 -0500 |
commit | fdcbe7d587a64dec0db0d3c9a3b230c39efbfeef (patch) | |
tree | 5f4cf8b82bb1407a4cb628babae299eec882f56d /include | |
parent | 1b5f7709411a412ec8ce21004a47f51ab6c3f3ad (diff) | |
download | qemu-fdcbe7d587a64dec0db0d3c9a3b230c39efbfeef.tar.gz |
scsi: Allocate SCSITargetReq r->buf dynamically
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1007330
Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6282465
This is the backport of the following commit. The patch is not
sent public since it is a embargoed bug.
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.
To fix, we allocate the buffer dynamically.
Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
*s/&r->buf/r->buf/ due to type change
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/hw/scsi/scsi.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h index 87865313eb..18cb6943b5 100644 --- a/include/hw/scsi/scsi.h +++ b/include/hw/scsi/scsi.h @@ -9,6 +9,8 @@ #define MAX_SCSI_DEVS 255 #define SCSI_CMD_BUF_SIZE 16 +#define SCSI_SENSE_LEN 18 +#define SCSI_INQUIRY_LEN 36 typedef struct SCSIBus SCSIBus; typedef struct SCSIBusInfo SCSIBusInfo; |