From patchwork Fri Sep 9 14:47:26 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 114104 Received: from localhost.localdomain (93-34-199-31.ip51.fastwebnet.it [93.34.199.31]) by mx.google.com with ESMTPS id 
du1sm4837308vdb.11.2011.09.09.07.47.39 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 09 Sep 2011 07:47:40 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Fri, 9 Sep 2011 16:47:26 +0200 Message-Id: <1315579646-6874-1-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.7.6 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 209.85.220.173 Subject: [Qemu-devel] [PATCH] scsi: fix sign extension problems X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org When assigning a 32-bit value to cmd->xfer (which is 64-bits) it can be erroneously sign extended because the intermediate 32-bit computation is signed. Fix this by standardizing on the ld*_be_p functions. Signed-off-by: Paolo Bonzini --- hw/scsi-bus.c | 22 +++++++--------------- 1 files changed, 7 insertions(+), 15 deletions(-) diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c index 96d6305..731d3b9 100644 --- a/hw/scsi-bus.c +++ b/hw/scsi-bus.c @@ -546,15 +546,15 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) break; case 1: case 2: - cmd->xfer = buf[8] | (buf[7] << 8); + cmd->xfer = lduw_be_p(&buf[7]); cmd->len = 10; break; case 4: - cmd->xfer = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24); + cmd->xfer = ldl_be_p(&buf[10]); cmd->len = 16; break; case 5: - cmd->xfer = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24); + cmd->xfer = ldl_be_p(&buf[6]); cmd->len = 12; break; default: 
@@ -714,23 +714,15 @@ static uint64_t scsi_cmd_lba(SCSICommand *cmd) switch (buf[0] >> 5) { case 0: - lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) | - (((uint64_t) buf[1] & 0x1f) << 16); + lba = ldl_be_p(&buf[0]) & 0x1fffff; break; case 1: case 2: - lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) | - ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24); + case 5: + lba = ldl_be_p(&buf[2]); break; case 4: - lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) | - ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) | - ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) | - ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56); - break; - case 5: - lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) | - ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24); + lba = ldq_be_p(&buf[2]); break; default: lba = -1;
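Review bot: In the first hunk (scsi_req_length, cases 4 and 5), whether `cmd->xfer = ldl_be_p(&buf[10]);` and `cmd->xfer = ldl_be_p(&buf[6]);` actually avoid sign extension depends on the return type of ldl_be_p, which is not visible in this patch. If the helper returns a signed 32-bit value, a transfer length with the top bit set is still widened to a negative 64-bit value, which is the problem the commit message sets out to fix. Please either confirm that the helper returns an unsigned type or make the widening explicit at the call site, for example with a `(uint32_t)` cast or a mask such as `& 0xffffffffULL`. The 16-bit load in cases 1 and 2 is not affected, since the value cannot exceed 0xffff.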
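Review bot: In the second hunk (scsi_cmd_lba, the merged cases 1, 2 and 5), `lba = ldl_be_p(&buf[2]);` drops the explicit `(uint64_t)` casts that the removed lines applied to every byte, so the old code could not sign-extend and the new code can if ldl_be_p returns a signed 32-bit value. Since the function returns uint64_t, an LBA of 0x80000000 or above would then come back with the upper 32 bits set. An explicit `(uint32_t)` cast or `& 0xffffffffULL` mask here would keep the previous behaviour regardless of the helper's return type. Case 0 is safe because the `& 0x1fffff` mask clears the upper bits, but it now loads from `&buf[0]` and relies on that mask to discard the opcode byte and the top three bits of buf[1]; a short comment saying so would help the next reader. Case 4 with ldq_be_p loads the full 64 bits and has no widening step.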