| Message ID | 1334828810-14291-1-git-send-email-kraxel@redhat.com |
|---|---|
| State | New |
| Headers | show |
Looks good, Acked-by: Hans de Goede <hdegoede@redhat.com> Regards, Hans On 04/19/2012 11:46 AM, Gerd Hoffmann wrote: > Little fix for usb packet handling on i/o cancelation. The > usb packet pointer (s->packet) is cleared at the wrong place: > The scsi request cancel handler does it. When a usb packet > is canceled the usb-storage emulation canceles the scsi request > if present. In most cases there is one, so usually s->packet > is cleared as needed even with the code sitting at the wrong > place. > > If there is no scsi request in flight s->packet is not cleared > though. The usb-storage emulation will then try to complete an > usb packet which is not in flight any more and thereby trigger > an assert() in the usb core. > > Fix this by clearing s->packet at the correct place, which is > the usb packet cancel header. > > Signed-off-by: Gerd Hoffmann<kraxel@redhat.com> > --- > hw/usb/dev-storage.c | 4 +++- > 1 files changed, 3 insertions(+), 1 deletions(-) > > diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c > index d865a5e..3d2f244 100644 > --- a/hw/usb/dev-storage.c > +++ b/hw/usb/dev-storage.c > @@ -268,7 +268,6 @@ static void usb_msd_request_cancelled(SCSIRequest *req) > if (req == s->req) { > scsi_req_unref(s->req); > s->req = NULL; > - s->packet = NULL; > s->scsi_len = 0; > } > } > @@ -330,6 +329,9 @@ static void usb_msd_cancel_io(USBDevice *dev, USBPacket *p) > { > MSDState *s = DO_UPCAST(MSDState, dev, dev); > > + assert(s->packet == p); > + s->packet = NULL; > + > if (s->req) { > scsi_req_cancel(s->req); > }
Il 19/04/2012 11:46, Gerd Hoffmann ha scritto: > Little fix for usb packet handling on i/o cancelation. The > usb packet pointer (s->packet) is cleared at the wrong place: > The scsi request cancel handler does it. When a usb packet > is canceled the usb-storage emulation canceles the scsi request > if present. In most cases there is one, so usually s->packet > is cleared as needed even with the code sitting at the wrong > place. > > If there is no scsi request in flight s->packet is not cleared > though. The usb-storage emulation will then try to complete an > usb packet which is not in flight any more and thereby trigger > an assert() in the usb core. > > Fix this by clearing s->packet at the correct place, which is > the usb packet cancel header. > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> > --- > hw/usb/dev-storage.c | 4 +++- > 1 files changed, 3 insertions(+), 1 deletions(-) > > diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c > index d865a5e..3d2f244 100644 > --- a/hw/usb/dev-storage.c > +++ b/hw/usb/dev-storage.c > @@ -268,7 +268,6 @@ static void usb_msd_request_cancelled(SCSIRequest *req) > if (req == s->req) { > scsi_req_unref(s->req); > s->req = NULL; > - s->packet = NULL; > s->scsi_len = 0; > } > } > @@ -330,6 +329,9 @@ static void usb_msd_cancel_io(USBDevice *dev, USBPacket *p) > { > MSDState *s = DO_UPCAST(MSDState, dev, dev); > > + assert(s->packet == p); > + s->packet = NULL; > + > if (s->req) { > scsi_req_cancel(s->req); > } Looks good, Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index d865a5e..3d2f244 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -268,7 +268,6 @@ static void usb_msd_request_cancelled(SCSIRequest *req) if (req == s->req) { scsi_req_unref(s->req); s->req = NULL; - s->packet = NULL; s->scsi_len = 0; } } @@ -330,6 +329,9 @@ static void usb_msd_cancel_io(USBDevice *dev, USBPacket *p) { MSDState *s = DO_UPCAST(MSDState, dev, dev); + assert(s->packet == p); + s->packet = NULL; + if (s->req) { scsi_req_cancel(s->req); }
Little fix for usb packet handling on i/o cancelation. The usb packet pointer (s->packet) is cleared at the wrong place: The scsi request cancel handler does it. When a usb packet is canceled the usb-storage emulation canceles the scsi request if present. In most cases there is one, so usually s->packet is cleared as needed even with the code sitting at the wrong place. If there is no scsi request in flight s->packet is not cleared though. The usb-storage emulation will then try to complete an usb packet which is not in flight any more and thereby trigger an assert() in the usb core. Fix this by clearing s->packet at the correct place, which is the usb packet cancel header. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --- hw/usb/dev-storage.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-)