The local variable "type" in virtio_scsi_handle_ctl represents the tmf
command type from the guest and it has the same meaning as the
req->req.tmf.type. However, before the invoking of virtio_scsi_parse_req
the req->req.tmf.type doesn't has the correct value(just initialized to
zero). Therefore, we need to use the "type" variable to judge the case.
Signed-off-by: Bin Wu <wu.wu...@huawei.com>
---
hw/scsi/virtio-scsi.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index a1725b8..5742d39 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -378,8 +378,8 @@ void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s,
VirtIOSCSIReq *req)
return;
}
- virtio_tswap32s(vdev, &req->req.tmf.type);
- if (req->req.tmf.type == VIRTIO_SCSI_T_TMF) {
+ virtio_tswap32s(vdev, &type);
+ if (type == VIRTIO_SCSI_T_TMF) {
if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlTMFReq),
sizeof(VirtIOSCSICtrlTMFResp)) < 0) {
virtio_scsi_bad_req();
@@ -387,8 +387,8 @@ void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s,
VirtIOSCSIReq *req)
r = virtio_scsi_do_tmf(s, req);
}
- } else if (req->req.tmf.type == VIRTIO_SCSI_T_AN_QUERY ||
- req->req.tmf.type == VIRTIO_SCSI_T_AN_SUBSCRIBE) {
+ } else if (type == VIRTIO_SCSI_T_AN_QUERY ||
+ type == VIRTIO_SCSI_T_AN_SUBSCRIBE) {
if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlANReq),
sizeof(VirtIOSCSICtrlANResp)) < 0) {
virtio_scsi_bad_req();
--
1.7.12.4
