On Tue, 20 Jan 2015 11:08:24 +0000
Stefan Hajnoczi <stefanha@xxxxxxxxx> wrote:
> On Thu, Dec 11, 2014 at 02:25:12PM +0100, Cornelia Huck wrote:
> > @@ -608,6 +631,25 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
> > }
> > }
> > break;
> > + case CCW_CMD_SET_VIRTIO_REV:
> > + len = sizeof(revinfo);
> > + if (ccw.count < len || (check_len && ccw.count > len)) {
> > + ret = -EINVAL;
> > + break;
> > + }
> > + if (!ccw.cda) {
> > + ret = -EFAULT;
> > + break;
> > + }
> > + cpu_physical_memory_read(ccw.cda, &revinfo, len);
> > + if (dev->revision >= 0 ||
> > + revinfo.revision > virtio_ccw_rev_max(dev)) {
>
> In the next patch virtio_ccw_handle_set_vq() uses big-endian memory
> access functions to load a struct from guest memory.
>
> Here you just copy the struct in without byteswaps.
>
> Are the byteswaps missing here? (I guess this normally runs big-endian
> guests on big-endian hosts so it's not noticable.)
Indeed, these are supposed to be big-endian. I'll double check the
other payloads.
Thanks for spotting this!
_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
