vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
1 /*
2 * QTest testcase for VirtIO SCSI
4 * Copyright (c) 2014 SUSE LINUX Products GmbH
5 * Copyright (c) 2015 Red Hat Inc.
7 * This work is licensed under the terms of the GNU GPL, version 2 or later.
8 * See the COPYING file in the top-level directory.
9 */
11 #include "qemu/osdep.h"
12 #include <glib.h>
13 #include "libqtest.h"
14 #include "block/scsi.h"
15 #include "libqos/virtio.h"
16 #include "libqos/virtio-pci.h"
17 #include "libqos/pci-pc.h"
18 #include "libqos/malloc.h"
19 #include "libqos/malloc-pc.h"
20 #include "libqos/malloc-generic.h"
/* PCI slot value the test passes to qvirtio_scsi_pci_init(). */
#define PCI_SLOT 0x02
/* PCI function number; not referenced by the code in this file. */
#define PCI_FN 0x00
/* Timeout handed to qvirtio_wait_queue_isr(): one second, in microseconds. */
#define QVIRTIO_SCSI_TIMEOUT_US (1 * 1000 * 1000)
/*
 * Size in bytes of the cdb[] field in the request header.
 * virtio_scsi_do_command() always copies exactly this many bytes from the
 * caller's CDB pointer, so every CDB buffer must be at least this large.
 */
#define CDB_SIZE 32

/*
 * Upper bound asserted on the queue count read from device config space;
 * it also sizes the vq[] array in QVirtIOSCSI.
 */
#define MAX_NUM_QUEUES 64
/* Test-side state for one virtio-scsi PCI device under test. */
typedef struct {
    QVirtioDevice *dev;      /* device handle; freed in qvirtio_scsi_pci_free() */
    QGuestAllocator *alloc;  /* guest memory allocator used for all buffers */
    QPCIBus *bus;            /* PCI bus the device was found on */
    int num_queues;          /* queue count read from device config space */
    /*
     * num_queues + 2 entries are set up. Commands are issued on index 2;
     * presumably indices 0 and 1 are the control and event queues of the
     * virtio-scsi layout -- confirm against the device model.
     */
    QVirtQueue *vq[MAX_NUM_QUEUES + 2];
} QVirtIOSCSI;
/*
 * Request header written to guest memory as the first descriptor of a
 * command. Packed so the in-memory layout has no padding. Only lun[] and
 * cdb[] are filled in by this file; the remaining fields stay zero, and no
 * byte-order conversion is applied to the multi-byte tag field.
 */
typedef struct {
    uint8_t lun[8];
    int64_t tag;
    uint8_t task_attr;
    uint8_t prio;
    uint8_t crn;
    uint8_t cdb[CDB_SIZE];
} QEMU_PACKED QVirtIOSCSICmdReq;
/*
 * Response header the device writes back for a command. Packed so the
 * in-memory layout has no padding. The multi-byte fields are copied out of
 * guest memory without byte-order conversion; the tests in this file only
 * inspect the single-byte status, response and sense[] fields.
 */
typedef struct {
    uint32_t sense_len;
    uint32_t resid;
    uint16_t status_qualifier;
    uint8_t status;      /* SCSI status, e.g. CHECK_CONDITION */
    uint8_t response;    /* virtio-scsi response code; 0 is what the tests expect */
    uint8_t sense[96];   /* sense data returned with the status */
} QEMU_PACKED QVirtIOSCSICmdResp;
/*
 * Launch QEMU under qtest with one virtio-scsi-pci controller (vs0) and one
 * scsi-hd disk backed by /dev/null.
 *
 * extra_opts: additional command-line text appended verbatim, or NULL for
 *             none. The text is spliced into the command line unescaped, so
 *             it must come from the test itself, never from external input.
 */
static void qvirtio_scsi_start(const char *extra_opts)
{
    const char *suffix = extra_opts ? extra_opts : "";
    char *qemu_args = g_strdup_printf(
        "-drive id=drv0,if=none,file=/dev/null,format=raw "
        "-device virtio-scsi-pci,id=vs0 "
        "-device scsi-hd,bus=vs0.0,drive=drv0 %s",
        suffix);

    qtest_start(qemu_args);
    /* qtest_start() is done with the string once it returns. */
    g_free(qemu_args);
}
/* Shut down the QEMU instance started by qvirtio_scsi_start(). */
static void qvirtio_scsi_stop(void)
{
    qtest_end();
}
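/*
 * Tear down everything qvirtio_scsi_pci_init() created for this device.
 *
 * vs: state returned by qvirtio_scsi_pci_init(). It is freed here and must
 *     not be used after this call returns.
 */
static void qvirtio_scsi_pci_free(QVirtIOSCSI *vs)
{
    int i;

    /* Release the guest-memory descriptor area of every queue set up. */
    for (i = 0; i < vs->num_queues + 2; i++) {
        guest_free(vs->alloc, vs->vq[i]->desc);
        /*
         * NOTE(review): the QVirtQueue objects returned by
         * qvirtqueue_setup() are not released here; confirm who owns them.
         */
    }
    pc_alloc_uninit(vs->alloc);
    qvirtio_pci_device_disable(container_of(vs->dev, QVirtioPCIDevice, vdev));
    g_free(vs->dev);
    qpci_free_pc(vs->bus);
    /* vs was allocated with g_new0() in init and was previously leaked. */
    g_free(vs);
}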
/*
 * Allocate alloc_size bytes of guest memory and optionally initialise them.
 *
 * vs:         device state providing the guest allocator.
 * alloc_size: number of bytes to allocate.
 * data:       if non-NULL, alloc_size bytes are copied from it into the new
 *             guest buffer, so it must point to at least that many bytes;
 *             if NULL the buffer contents are left as allocated.
 *
 * Returns the guest address of the buffer; the caller releases it with
 * guest_free().
 */
static uint64_t qvirtio_scsi_alloc(QVirtIOSCSI *vs, size_t alloc_size,
                                   const void *data)
{
    const uint64_t guest_addr = guest_alloc(vs->alloc, alloc_size);

    if (data != NULL) {
        memwrite(guest_addr, data, alloc_size);
    }
    return guest_addr;
}
/*
 * Submit one SCSI command on queue index 2 and wait for its completion.
 *
 * vs:           device state from qvirtio_scsi_pci_init().
 * cdb:          command descriptor block; exactly CDB_SIZE bytes are read
 *               from it, so shorter buffers are over-read.
 * data_in:      optional initial contents for the device-writable data
 *               buffer (may be NULL). Data the device writes there is not
 *               copied back to the caller.
 * data_in_len:  size of the device-writable data buffer, 0 for none.
 * data_out:     payload sent to the device; must hold data_out_len bytes
 *               when data_out_len is non-zero.
 * data_out_len: size of the payload, 0 for none.
 * resp_out:     if non-NULL, receives a copy of the whole response header.
 *
 * Returns the response byte of the response header.
 */
static uint8_t virtio_scsi_do_command(QVirtIOSCSI *vs, const uint8_t *cdb,
                                      const uint8_t *data_in,
                                      size_t data_in_len,
                                      uint8_t *data_out, size_t data_out_len,
                                      QVirtIOSCSICmdResp *resp_out)
{
    QVirtQueue *cmd_vq = vs->vq[2];
    QVirtIOSCSICmdReq request = { { 0 } };
    /*
     * Pre-fill response and status with 0xff so that a header the device
     * never wrote cannot be mistaken for a successful (0) completion.
     */
    QVirtIOSCSICmdResp reply = { .response = 0xff, .status = 0xff };
    uint64_t request_gpa;
    uint64_t reply_gpa;
    uint64_t in_gpa = 0;
    uint64_t out_gpa = 0;
    uint32_t chain_head;
    uint8_t result;

    request.lun[0] = 1; /* Select LUN */
    request.lun[1] = 1; /* Select target 1 */
    memcpy(request.cdb, cdb, CDB_SIZE);

    /* XXX: Fix endian if any multi-byte field in req/resp is used */

    /*
     * Descriptor chain order: request header, optional payload for the
     * device, response header, optional buffer written by the device.
     */
    request_gpa = qvirtio_scsi_alloc(vs, sizeof(request), &request);
    chain_head = qvirtqueue_add(cmd_vq, request_gpa, sizeof(request),
                                false, true);

    if (data_out_len != 0) {
        out_gpa = qvirtio_scsi_alloc(vs, data_out_len, data_out);
        qvirtqueue_add(cmd_vq, out_gpa, data_out_len, false, true);
    }

    /* The response header chains onward only when a data-in buffer follows. */
    reply_gpa = qvirtio_scsi_alloc(vs, sizeof(reply), &reply);
    qvirtqueue_add(cmd_vq, reply_gpa, sizeof(reply), true, data_in_len != 0);

    if (data_in_len != 0) {
        in_gpa = qvirtio_scsi_alloc(vs, data_in_len, data_in);
        qvirtqueue_add(cmd_vq, in_gpa, data_in_len, true, false);
    }

    /* Notify the device and wait for the queue interrupt. */
    qvirtqueue_kick(&qvirtio_pci, vs->dev, cmd_vq, chain_head);
    qvirtio_wait_queue_isr(&qvirtio_pci, vs->dev, cmd_vq,
                           QVIRTIO_SCSI_TIMEOUT_US);

    result = readb(reply_gpa + offsetof(QVirtIOSCSICmdResp, response));

    if (resp_out != NULL) {
        memread(reply_gpa, resp_out, sizeof(*resp_out));
    }

    /* in_gpa / out_gpa are still 0 here when no such buffer was allocated. */
    guest_free(vs->alloc, request_gpa);
    guest_free(vs->alloc, reply_gpa);
    guest_free(vs->alloc, in_gpa);
    guest_free(vs->alloc, out_gpa);
    return result;
}
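/*
 * Locate the virtio-scsi PCI device, bring it up, set up its queues and
 * consume the initial POWER ON unit attention.
 *
 * slot: not used by this function.
 *
 * Returns newly allocated state; release it with qvirtio_scsi_pci_free().
 * Any failed expectation aborts the test through a g_assert.
 */
static QVirtIOSCSI *qvirtio_scsi_pci_init(int slot)
{
    const uint8_t test_unit_ready_cdb[CDB_SIZE] = { 0 };
    QVirtIOSCSI *vs;
    QVirtioPCIDevice *dev;
    QVirtIOSCSICmdResp resp;
    void *addr;
    int i;

    vs = g_new0(QVirtIOSCSI, 1);
    vs->alloc = pc_alloc_init();
    vs->bus = qpci_init_pc();

    dev = qvirtio_pci_device_find(vs->bus, QVIRTIO_SCSI_DEVICE_ID);
    g_assert(dev != NULL);
    vs->dev = (QVirtioDevice *)dev;
    g_assert_cmphex(vs->dev->device_type, ==, QVIRTIO_SCSI_DEVICE_ID);

    qvirtio_pci_device_enable(dev);
    qvirtio_reset(&qvirtio_pci, vs->dev);
    qvirtio_set_acknowledge(&qvirtio_pci, vs->dev);
    qvirtio_set_driver(&qvirtio_pci, vs->dev);

    addr = dev->addr + QVIRTIO_PCI_DEVICE_SPECIFIC_NO_MSIX;
    vs->num_queues = qvirtio_config_readl(&qvirtio_pci, vs->dev,
                                          (uint64_t)(uintptr_t)addr);

    /*
     * The queue count comes from the device and is stored in a signed int.
     * Reject zero and values that wrapped negative as well as oversized
     * ones: the loop below indexes vq[] with it, and vq[2] is dereferenced
     * right after, which needs at least one request queue.
     */
    g_assert_cmpint(vs->num_queues, >, 0);
    g_assert_cmpint(vs->num_queues, <, MAX_NUM_QUEUES);

    for (i = 0; i < vs->num_queues + 2; i++) {
        vs->vq[i] = qvirtqueue_setup(&qvirtio_pci, vs->dev, vs->alloc, i);
    }

    /* Clear the POWER ON OCCURRED unit attention */
    g_assert_cmpint(virtio_scsi_do_command(vs, test_unit_ready_cdb,
                                           NULL, 0, NULL, 0, &resp),
                    ==, 0);
    g_assert_cmpint(resp.status, ==, CHECK_CONDITION);
    g_assert_cmpint(resp.sense[0], ==, 0x70); /* Fixed format sense buffer */
    g_assert_cmpint(resp.sense[2], ==, UNIT_ATTENTION);
    g_assert_cmpint(resp.sense[12], ==, 0x29); /* POWER ON */
    g_assert_cmpint(resp.sense[13], ==, 0x00);

    return vs;
}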
/*
 * Start QEMU with the default virtio-scsi setup and stop it again.
 * Tests only initialization so far. TODO: Replace with functional tests
 */
static void pci_nop(void)
{
    qvirtio_scsi_start(NULL);
    qvirtio_scsi_stop();
}
/*
 * Hot-add a scsi-hd device over QMP, remove it again, and check that
 * neither command reports an error and that the removal yields a
 * DEVICE_DELETED event.
 */
static void hotplug(void)
{
    QDict *reply;

    /* drv1 is the spare backend the hot-added disk attaches to. */
    qvirtio_scsi_start("-drive id=drv1,if=none,file=/dev/null,format=raw");

    reply = qmp("{\"execute\": \"device_add\","
                " \"arguments\": {"
                "   \"driver\": \"scsi-hd\","
                "   \"id\": \"scsi-hd\","
                "   \"drive\": \"drv1\""
                "}}");
    g_assert(reply);
    g_assert(!qdict_haskey(reply, "error"));
    QDECREF(reply);

    reply = qmp("{\"execute\": \"device_del\","
                " \"arguments\": {"
                "   \"id\": \"scsi-hd\""
                "}}");
    g_assert(reply);
    g_assert(!qdict_haskey(reply, "error"));
    g_assert(qdict_haskey(reply, "event"));
    g_assert(strcmp(qdict_get_str(reply, "event"), "DEVICE_DELETED") == 0);
    QDECREF(reply);

    qvirtio_scsi_stop();
}
/*
 * Test WRITE SAME with the lba not aligned.
 *
 * The backing drive is blkdebug over null-co with file.align=4k. Two
 * WRITE SAME (opcode 0x41) commands with different length fields are
 * issued, each with one 512-byte payload, and both must return response 0.
 */
static void test_unaligned_write_same(void)
{
    QVirtIOSCSI *vs;
    uint8_t zero_block[512] = { 0 };
    /* Only the first byte is 1; the rest of the block is zero-filled. */
    uint8_t one_block[512] = { 1 };
    const uint8_t write_same_cdb_1[CDB_SIZE] = { 0x41, 0x00, 0x00, 0x00, 0x00,
                                                 0x01, 0x00, 0x00, 0x02, 0x00 };
    const uint8_t write_same_cdb_2[CDB_SIZE] = { 0x41, 0x00, 0x00, 0x00, 0x00,
                                                 0x01, 0x00, 0x33, 0x00, 0x00 };
    uint8_t rc;

    qvirtio_scsi_start("-drive file=blkdebug::null-co://,if=none,id=dr1"
                       ",format=raw,file.align=4k "
                       "-device scsi-disk,drive=dr1,lun=0,scsi-id=1");
    vs = qvirtio_scsi_pci_init(PCI_SLOT);

    rc = virtio_scsi_do_command(vs, write_same_cdb_1, NULL, 0,
                                zero_block, sizeof(zero_block), NULL);
    g_assert_cmphex(0, ==, rc);

    rc = virtio_scsi_do_command(vs, write_same_cdb_2, NULL, 0,
                                one_block, sizeof(one_block), NULL);
    g_assert_cmphex(0, ==, rc);

    qvirtio_scsi_pci_free(vs);
    qvirtio_scsi_stop();
}
/*
 * Register the virtio-scsi test cases with the GLib test framework and run
 * them. Returns the value of g_test_run().
 */
int main(int argc, char **argv)
{
    g_test_init(&argc, &argv, NULL);

    qtest_add_func("/virtio/scsi/pci/nop", pci_nop);
    qtest_add_func("/virtio/scsi/pci/hotplug", hotplug);
    qtest_add_func("/virtio/scsi/pci/scsi-disk/unaligned-write-same",
                   test_unaligned_write_same);

    return g_test_run();
}