The CBW structure is 31 bytes, so CBW DATAOUT packets must be at least 31 bytes. QEMU enforces exactly 31 bytes, but this is inconsistent with how it handles CSW packets (where it allows greater than or equal to 13 bytes) despite wording in the spec[*] being similar for both packet types: "shall end as a short packet with exactly 31 bytes transferred".
[*] USB MSD Bulk-Only Transport 1.0 For consistency, and on the principle of being tolerant in accepting input, relax the CBW size check. Alternatively, both checks could be tightened to exact. Or a message could be printed warning of possible guest error if size is not exact, but still accept the packets. Signed-off-by: Nicholas Piggin <npig...@gmail.com> --- hw/usb/dev-storage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index 7bc2f7664b2..fe8955bf212 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -407,7 +407,7 @@ static bool try_get_valid_cbw(USBPacket *p, struct usb_msd_cbw *cbw) { uint32_t sig; - if (p->iov.size != CBW_SIZE) { + if (p->iov.size < CBW_SIZE) { qemu_log_mask(LOG_GUEST_ERROR, "usb-msd: Bad CBW size %zu\n", p->iov.size); return false; -- 2.47.1
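Review bot: Relaxing `p->iov.size != CBW_SIZE` to `p->iov.size < CBW_SIZE` in try_get_valid_cbw() makes an oversized CBW silently acceptable, which drops the LOG_GUEST_ERROR visibility the old check gave for that case; since the commit message itself lists "print a warning if size is not exact, but still accept" as an option, consider doing both here, e.g. keep the `< CBW_SIZE` reject path and add `else if (p->iov.size != CBW_SIZE) qemu_log_mask(LOG_GUEST_ERROR, "usb-msd: CBW size %zu, expected %d\n", p->iov.size, CBW_SIZE);` so a guest that violates the "exactly 31 bytes" wording quoted from the BOT spec is still logged. The hunk does not show the code that fills `cbw` from `p->iov`; please confirm it copies exactly CBW_SIZE bytes regardless of `p->iov.size`, otherwise the extra trailing bytes now admitted by this check would be interpreted as part of the CBW. Also, the commit message would read more clearly with "[*] USB MSD Bulk-Only Transport 1.0" on its own line as the footnote, separate from the "For consistency..." paragraph.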