vhost/scsi doesn't handle type conversion correctly
for request type when using virtio 1.0 and up for BE,
or cross-endian platforms.
Fix it up using vhost_32_to_cpu.
Cc: stable at vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
---
drivers/vhost/scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c
index 6fb4d7ecfa19..b22adf03f584 100644
--- a/drivers/vhost/scsi.c
+++ b/drivers/vhost/scsi.c
@@ -1215,7 +1215,7 @@ vhost_scsi_ctl_handle_vq(struct vhost_scsi *vs, struct
vhost_virtqueue *vq)
continue;
}
- switch (v_req.type) {
+ switch (vhost32_to_cpu(vq, v_req.type)) {
case VIRTIO_SCSI_T_TMF:
vc.req = &v_req.tmf;
vc.req_size = sizeof(struct virtio_scsi_ctrl_tmf_req);
--
MST
On 2020/7/10 ??6:48, Michael S. Tsirkin wrote:> vhost/scsi doesn't handle type conversion correctly > for request type when using virtio 1.0 and up for BE, > or cross-endian platforms. > > Fix it up using vhost_32_to_cpu. > > Cc: stable at vger.kernel.org > Signed-off-by: Michael S. Tsirkin <mst at redhat.com> > --- > drivers/vhost/scsi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c > index 6fb4d7ecfa19..b22adf03f584 100644 > --- a/drivers/vhost/scsi.c > +++ b/drivers/vhost/scsi.c > @@ -1215,7 +1215,7 @@ vhost_scsi_ctl_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq) > continue; > } > > - switch (v_req.type) { > + switch (vhost32_to_cpu(vq, v_req.type)) { > case VIRTIO_SCSI_T_TMF: > vc.req = &v_req.tmf; > vc.req_size = sizeof(struct virtio_scsi_ctrl_tmf_req);Acked-by: Jason Wang <jasowang at redhat.com>
On Fri, Jul 10, 2020 at 06:48:51AM -0400, Michael S. Tsirkin wrote:> vhost/scsi doesn't handle type conversion correctly > for request type when using virtio 1.0 and up for BE, > or cross-endian platforms. > > Fix it up using vhost_32_to_cpu. > > Cc: stable at vger.kernel.org > Signed-off-by: Michael S. Tsirkin <mst at redhat.com> > --- > drivers/vhost/scsi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)Reviewed-by: Stefan Hajnoczi <stefanha at redhat.com> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: <http://lists.linuxfoundation.org/pipermail/virtualization/attachments/20200713/939172bc/attachment-0001.sig>