diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2014-06-10 16:53:39 +0200 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2014-06-18 08:47:11 +0200 |
commit | b0b4ea17dc7572ca79b2bb54447de5333dada5b2 (patch) | |
tree | 753b81095e7c7ffbef4710d5c17ad4271bd338ae /hw/scsi | |
parent | 36b15c79aa1bef5fe7543f9f2629b6413720bbfb (diff) | |
download | qemu-b0b4ea17dc7572ca79b2bb54447de5333dada5b2.zip qemu-b0b4ea17dc7572ca79b2bb54447de5333dada5b2.tar.gz qemu-b0b4ea17dc7572ca79b2bb54447de5333dada5b2.tar.bz2 |
virtio-scsi: add target swap for VirtIOSCSICtrlTMFReq fields
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi')
-rw-r--r-- | hw/scsi/virtio-scsi.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index f013e35..ec9a536 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -207,6 +207,7 @@ static void virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req) /* Here VIRTIO_SCSI_S_OK means "FUNCTION COMPLETE". */ req->resp.tmf->response = VIRTIO_SCSI_S_OK; + tswap32s(&req->req.tmf->subtype); switch (req->req.tmf->subtype) { case VIRTIO_SCSI_T_TMF_ABORT_TASK: case VIRTIO_SCSI_T_TMF_QUERY_TASK: @@ -314,8 +315,11 @@ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0, &type, sizeof(type)) < sizeof(type)) { virtio_scsi_bad_req(); + continue; + } - } else if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) { + tswap32s(&req->req.tmf->type); + if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) { if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlTMFReq), sizeof(VirtIOSCSICtrlTMFResp)) < 0) { virtio_scsi_bad_req(); |