aboutsummaryrefslogtreecommitdiff
path: root/hw/scsi
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2014-06-10 16:53:39 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2014-06-18 08:47:11 +0200
commitb0b4ea17dc7572ca79b2bb54447de5333dada5b2 (patch)
tree753b81095e7c7ffbef4710d5c17ad4271bd338ae /hw/scsi
parent36b15c79aa1bef5fe7543f9f2629b6413720bbfb (diff)
downloadqemu-b0b4ea17dc7572ca79b2bb54447de5333dada5b2.zip
qemu-b0b4ea17dc7572ca79b2bb54447de5333dada5b2.tar.gz
qemu-b0b4ea17dc7572ca79b2bb54447de5333dada5b2.tar.bz2
virtio-scsi: add target swap for VirtIOSCSICtrlTMFReq fields
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi')
-rw-r--r--hw/scsi/virtio-scsi.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index f013e35..ec9a536 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -207,6 +207,7 @@ static void virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
/* Here VIRTIO_SCSI_S_OK means "FUNCTION COMPLETE". */
req->resp.tmf->response = VIRTIO_SCSI_S_OK;
+ tswap32s(&req->req.tmf->subtype);
switch (req->req.tmf->subtype) {
case VIRTIO_SCSI_T_TMF_ABORT_TASK:
case VIRTIO_SCSI_T_TMF_QUERY_TASK:
@@ -314,8 +315,11 @@ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0,
&type, sizeof(type)) < sizeof(type)) {
virtio_scsi_bad_req();
+ continue;
+ }
- } else if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
+ tswap32s(&req->req.tmf->type);
+ if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlTMFReq),
sizeof(VirtIOSCSICtrlTMFResp)) < 0) {
virtio_scsi_bad_req();