[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 17/20] scsi: fix sign extension problems
From: |
Kevin Wolf |
Subject: |
[Qemu-devel] [PATCH 17/20] scsi: fix sign extension problems |
Date: |
Tue, 20 Sep 2011 13:11:49 +0200 |
From: Paolo Bonzini <address@hidden>
When assigning a 32-bit value to cmd->xfer (which is 64-bits)
it can be erroneously sign extended because the intermediate
32-bit computation is signed. Fix this by standardizing on
the ld*_be_p functions.
Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
hw/scsi-bus.c | 22 +++++++---------------
1 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 0248294..aca65a1 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -542,15 +542,15 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice
*dev, uint8_t *buf)
break;
case 1:
case 2:
- cmd->xfer = buf[8] | (buf[7] << 8);
+ cmd->xfer = lduw_be_p(&buf[7]);
cmd->len = 10;
break;
case 4:
- cmd->xfer = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] <<
24);
+ cmd->xfer = ldl_be_p(&buf[10]);
cmd->len = 16;
break;
case 5:
- cmd->xfer = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
+ cmd->xfer = ldl_be_p(&buf[6]);
cmd->len = 12;
break;
default:
@@ -710,23 +710,15 @@ static uint64_t scsi_cmd_lba(SCSICommand *cmd)
switch (buf[0] >> 5) {
case 0:
- lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
- (((uint64_t) buf[1] & 0x1f) << 16);
+ lba = ldl_be_p(&buf[0]) & 0x1fffff;
break;
case 1:
case 2:
- lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
- ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
+ case 5:
+ lba = ldl_be_p(&buf[2]);
break;
case 4:
- lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
- ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
- ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
- ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
- break;
- case 5:
- lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
- ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
+ lba = ldq_be_p(&buf[2]);
break;
default:
lba = -1;
--
1.7.6.2
- [Qemu-devel] [PATCH 06/20] dma-helpers: rename is_write to to_dev, (continued)
- [Qemu-devel] [PATCH 06/20] dma-helpers: rename is_write to to_dev, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 11/20] VMDK: fix leak of extent_file, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 09/20] scsi-disk: commonize iovec creation between reads and writes, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 04/20] raw-posix: Fix bdrv_flush error return values, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 12/20] posix-aio-compat: Removed unused offset variable, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 10/20] scsi-disk: lazily allocate bounce buffer, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 16/20] rbd: call flush, if available, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 13/20] AHCI Port Interrupt Enable register cleaning on soft reset, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 14/20] rbd: ignore failures when reading from default conf location, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 18/20] block: avoid SIGUSR2, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 17/20] scsi: fix sign extension problems,
Kevin Wolf <=
- [Qemu-devel] [PATCH 15/20] rbd: update comment heading, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 19/20] linux-aio: remove process requests callback, Kevin Wolf, 2011/09/20
- [Qemu-devel] [PATCH 20/20] rbd: allow escaping in config string, Kevin Wolf, 2011/09/20
- Re: [Qemu-devel] [PULL 00/20] Block patches, Anthony Liguori, 2011/09/20