From: Alexey Kardashevskiy <aik@ozlabs.ru>
To: qemu-devel@nongnu.org
Cc: Anthony Liguori <aliguori@us.ibm.com>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
Alexander Graf <agraf@suse.de>,
qemu-trivial@nongnu.org, qemu-ppc@nongnu.org,
Paolo Bonzini <pbonzini@redhat.com>
Subject: [Qemu-devel] [PATCH] spapr-vscsi: fix SOLNT bit in SRP_RSP
Date: Mon, 29 Jul 2013 14:48:39 +1000 [thread overview]
Message-ID: <1375073319-17488-1-git-send-email-aik@ozlabs.ru> (raw)
The driver calculates SOLNT bit from UCSOLNT and SCSOLNT bits from
the request. The iu pointer has a type of srp_iu* which points to a union,
so cmd and rsp overlap. As the vscsi_send_rsp function calls
memset(iu, 0, sizeof(rsp)), it clears first 36 bytes of both cmd and rsp
so cmd.sol_not is always zero at the moment of calculating rsp.sol_not.
This fixes the bug.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Is that really trivial? I am not so sure but put qemu-trivial@ to copy :)
---
hw/scsi/spapr_vscsi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
index 55b44b9..541ffcc 100644
--- a/hw/scsi/spapr_vscsi.c
+++ b/hw/scsi/spapr_vscsi.c
@@ -217,6 +217,7 @@ static int vscsi_send_rsp(VSCSIState *s, vscsi_req *req,
union viosrp_iu *iu = &req->iu;
uint64_t tag = iu->srp.rsp.tag;
int total_len = sizeof(iu->srp.rsp);
+ uint8_t sol_not = iu->srp.cmd.sol_not;
dprintf("VSCSI: Sending resp status: 0x%x, "
"res_in: %d, res_out: %d\n", status, res_in, res_out);
@@ -249,7 +250,7 @@ static int vscsi_send_rsp(VSCSIState *s, vscsi_req *req,
/* Handle success vs. failure */
iu->srp.rsp.status = status;
if (status) {
- iu->srp.rsp.sol_not = (iu->srp.cmd.sol_not & 0x04) >> 2;
+ iu->srp.rsp.sol_not = (sol_not & 0x04) >> 2;
if (req->senselen) {
req->iu.srp.rsp.flags |= SRP_RSP_FLAG_SNSVALID;
req->iu.srp.rsp.sense_data_len = cpu_to_be32(req->senselen);
@@ -257,7 +258,7 @@ static int vscsi_send_rsp(VSCSIState *s, vscsi_req *req,
total_len += req->senselen;
}
} else {
- iu->srp.rsp.sol_not = (iu->srp.cmd.sol_not & 0x02) >> 1;
+ iu->srp.rsp.sol_not = (sol_not & 0x02) >> 1;
}
vscsi_send_iu(s, req, total_len, VIOSRP_SRP_FORMAT);
--
1.8.3.2
next reply other threads:[~2013-07-29 4:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-29 4:48 Alexey Kardashevskiy [this message]
2013-07-29 20:23 ` [Qemu-devel] [PATCH] spapr-vscsi: fix SOLNT bit in SRP_RSP Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1375073319-17488-1-git-send-email-aik@ozlabs.ru \
--to=aik@ozlabs.ru \
--cc=agraf@suse.de \
--cc=aliguori@us.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-trivial@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).