[Qemu-devel] [PATCH] virtio-scsi: Fix subtle (guest) endian bug

[Qemu-devel] [PATCH] virtio-scsi: Fix subtle (guest) endian bug

[David Gibson]

The virtio-scsi config space is, by specification, in guest endian (which
is ill-defined, but there you go).  In virtio_scsi_get_config() we set up
all the fields in there, using stl_raw().  Which is a problem for the
max_channel and max_target fields, which are 16-bit, not 32-bit.  For
little-endian targets we get away with it by accident, since the first
two bytes will still be correct, and the extra two bytes written (with
zeroes) will be overwritten correctly by the next store.

But for big-endian guests, this means the max_target field ends up as zero,
which means the guest will only recognize a single disk on the virtio-scsi
bus.  This patch fixes the problem.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/virtio-scsi.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index 9d27d1d..6eb2e03 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -533,8 +533,8 @@ static void virtio_scsi_get_config(VirtIODevice *vdev,
     stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
     stl_raw(&scsiconf->sense_size, s->sense_size);
     stl_raw(&scsiconf->cdb_size, s->cdb_size);
-    stl_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
-    stl_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
+    stw_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
+    stw_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
     stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
 }
 
-- 
1.7.10.4

Re: [Qemu-devel] [PATCH] virtio-scsi: Fix subtle (guest) endian bug

[Paolo Bonzini]

Il 26/11/2012 02:33, David Gibson ha scritto:
> The virtio-scsi config space is, by specification, in guest endian (which
> is ill-defined, but there you go).  In virtio_scsi_get_config() we set up
> all the fields in there, using stl_raw().  Which is a problem for the
> max_channel and max_target fields, which are 16-bit, not 32-bit.  For
> little-endian targets we get away with it by accident, since the first
> two bytes will still be correct, and the extra two bytes written (with
> zeroes) will be overwritten correctly by the next store.
> 
> But for big-endian guests, this means the max_target field ends up as zero,
> which means the guest will only recognize a single disk on the virtio-scsi
> bus.  This patch fixes the problem.
> 
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>  hw/virtio-scsi.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
> index 9d27d1d..6eb2e03 100644
> --- a/hw/virtio-scsi.c
> +++ b/hw/virtio-scsi.c
> @@ -533,8 +533,8 @@ static void virtio_scsi_get_config(VirtIODevice *vdev,
>      stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
>      stl_raw(&scsiconf->sense_size, s->sense_size);
>      stl_raw(&scsiconf->cdb_size, s->cdb_size);
> -    stl_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
> -    stl_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
> +    stw_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
> +    stw_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
>      stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
>  }
>  
> 

Thanks, applied to scsi-next branch.

Paolo