From feed4b4d9e59fb45c9a2998099d4c0f98538354a Mon Sep 17 00:00:00 2001
From: Xiao Wang <jasowang@redhat.com>
Date: Mon, 10 Aug 2015 05:09:27 +0200
Subject: [PATCH 06/16] virtio-9p: fix any_layout

Message-id: <1439183375-4841-7-git-send-email-jasowang@redhat.com>
Patchwork-id: 67433
O-Subject: [RHEL7.2 qemu-kvm-rhev PATCH 06/14] virtio-9p: fix any_layout
Bugzilla: 1248312
RH-Acked-by: Vlad Yasevich <vyasevic@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>

From: "Michael S. Tsirkin" <mst@redhat.com>

Notes: Conflicts since commit d49b68364414d649b8e26232f2a600d415611662
("qerror: Move #include out of qerror.h") was not backported.

virtio pci allows any device to have a modern interface,
this in turn requires ANY_LAYOUT support.
Fix up ANY_LAYOUT for virtio-9p.

Reported-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit cd4bfbb20d957a480032e2626ef1188b62c74d00)
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

Conflicts:
	hw/9pfs/virtio-9p.c
---
 hw/9pfs/virtio-9p.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index 4964da0..85e8e35 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -13,6 +13,7 @@
 
 #include "hw/virtio/virtio.h"
 #include "hw/i386/pc.h"
+#include "qemu/iov.h"
 #include "qemu/sockets.h"
 #include "virtio-9p.h"
 #include "fsdev/qemu-fsdev.h"
@@ -3260,16 +3261,26 @@ void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
 
     while ((pdu = alloc_pdu(s)) &&
             (len = virtqueue_pop(vq, &pdu->elem)) != 0) {
-        uint8_t *ptr;
+        struct {
+            uint32_t size_le;
+            uint8_t id;
+            uint16_t tag_le;
+        } QEMU_PACKED out;
+        int len;
+
         pdu->s = s;
         BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
-        BUG_ON(pdu->elem.out_sg[0].iov_len < 7);
+        QEMU_BUILD_BUG_ON(sizeof out != 7);
+
+        len = iov_to_buf(pdu->elem.out_sg, pdu->elem.out_num, 0,
+                         &out, sizeof out);
+        BUG_ON(len != sizeof out);
+
+        pdu->size = le32_to_cpu(out.size_le);
 
-        ptr = pdu->elem.out_sg[0].iov_base;
+        pdu->id = out.id;
+        pdu->tag = le16_to_cpu(out.tag_le);
 
-        pdu->size = le32_to_cpu(*(uint32_t *)ptr);
-        pdu->id = ptr[4];
-        pdu->tag = le16_to_cpu(*(uint16_t *)(ptr + 5));
         qemu_co_queue_init(&pdu->complete);
         submit_pdu(s, pdu);
     }
-- 
1.8.3.1