diff options
author | Klaus Jensen | 2020-08-24 11:55:46 +0200 |
---|---|---|
committer | Klaus Jensen | 2020-10-27 07:24:46 +0100 |
commit | fd90f26cc732b5c0f51140ba0d1f7fd31e8bf910 (patch) | |
tree | 578d8b270945f9994a5fd79b2472aa49ab49343c /hw/block | |
parent | hw/block/nvme: add a lba to bytes helper (diff) | |
download | qemu-fd90f26cc732b5c0f51140ba0d1f7fd31e8bf910.tar.gz qemu-fd90f26cc732b5c0f51140ba0d1f7fd31e8bf910.tar.xz qemu-fd90f26cc732b5c0f51140ba0d1f7fd31e8bf910.zip |
hw/block/nvme: fix endian conversion
The raw NLB field is a 16 bit value, so use le16_to_cpu instead of
le32_to_cpu and cast to uint32_t before incrementing the value to not
wrap around.
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Diffstat (limited to 'hw/block')
-rw-r--r-- | hw/block/nvme.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/block/nvme.c b/hw/block/nvme.c index 59338b4232..158843c14a 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c @@ -645,7 +645,7 @@ static uint16_t nvme_write_zeroes(NvmeCtrl *n, NvmeRequest *req) NvmeRwCmd *rw = (NvmeRwCmd *)&req->cmd; NvmeNamespace *ns = req->ns; uint64_t slba = le64_to_cpu(rw->slba); - uint32_t nlb = le16_to_cpu(rw->nlb) + 1; + uint32_t nlb = (uint32_t)le16_to_cpu(rw->nlb) + 1; uint64_t offset = nvme_l2b(ns, slba); uint32_t count = nvme_l2b(ns, nlb); uint16_t status; @@ -669,7 +669,7 @@ static uint16_t nvme_rw(NvmeCtrl *n, NvmeRequest *req) { NvmeRwCmd *rw = (NvmeRwCmd *)&req->cmd; NvmeNamespace *ns = req->ns; - uint32_t nlb = le32_to_cpu(rw->nlb) + 1; + uint32_t nlb = (uint32_t)le16_to_cpu(rw->nlb) + 1; uint64_t slba = le64_to_cpu(rw->slba); uint64_t data_size = nvme_l2b(ns, nlb); |