From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 6 Sep 2021 04:55:23 +0000 (+0200)
Subject: usb-storage: tag usb_msd_csw as packed struct
X-Git-Tag: v6.2.0-rc0~19^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=58d7d4c7869cb3addb0714aa7b6bd88f2b6b7edf;p=thirdparty%2Fqemu.git

usb-storage: tag usb_msd_csw as packed struct

Without this the struct has the wrong size: sizeof() evaluates
to 16 instead of 13.  In most cases the bug is hidden by the
fact that guests submits a buffer which is exactly 13 bytes
long, so the padding added by the compiler is simply ignored.

But sometimes guests submit a larger buffer and expect a short
transfer, which does not work properly with the wrong struct
size.

Cc: vintagepc404@protonmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fixes: a917d384ac0 ("SCSI TCQ support.")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210906045523.1259629-1-kraxel@redhat.com>
---

diff --git a/include/hw/usb/msd.h b/include/hw/usb/msd.h
index 7538c54569b..54e9f38bda4 100644
--- a/include/hw/usb/msd.h
+++ b/include/hw/usb/msd.h
@@ -17,7 +17,7 @@ enum USBMSDMode {
     USB_MSDM_CSW /* Command Status.  */
 };
 
-struct usb_msd_csw {
+struct QEMU_PACKED usb_msd_csw {
     uint32_t sig;
     uint32_t tag;
     uint32_t residue;