Patchwork [2/2] usb-storage: fix SYNCHRONIZE_CACHE

login
register
mail settings
Submitter Gerd Hoffmann
Date Aug. 7, 2012, 8:59 a.m.
Message ID <1344329980-25015-3-git-send-email-kraxel@redhat.com>
Download mbox | patch
Permalink /patch/175541/
State New
Headers show

Comments

Gerd Hoffmann - Aug. 7, 2012, 8:59 a.m.
Commit 59310659073d85745854f2f10c4292555c5a1c51 is incomplete,
we'll arrive in the scsi command complete callback in CSW state
and must handle that case correctly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/dev-storage.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
Michael Tokarev - Aug. 10, 2012, 11:13 a.m.
On 07.08.2012 12:59, Gerd Hoffmann wrote:
> Commit 59310659073d85745854f2f10c4292555c5a1c51 is incomplete,
> we'll arrive in the scsi command complete callback in CSW state
> and must handle that case correctly.

It appears to be 1.1-stable material, rigt?
What's the outcome of the issue -- guest-triggerable qemu crashing?

Thanks,

/mjt

> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  hw/usb/dev-storage.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
> index 976fe1a..ff48d91 100644
> --- a/hw/usb/dev-storage.c
> +++ b/hw/usb/dev-storage.c
> @@ -247,6 +247,9 @@ static void usb_msd_command_complete(SCSIRequest *req, uint32_t status, size_t r
>                 the status read packet.  */
>              usb_msd_send_status(s, p);
>              s->mode = USB_MSDM_CBW;
> +        } else if (s->mode == USB_MSDM_CSW) {
> +            usb_msd_send_status(s, p);
> +            s->mode = USB_MSDM_CBW;
>          } else {
>              if (s->data_len) {
>                  int len = (p->iov.size - p->result);

Patch

diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 976fe1a..ff48d91 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -247,6 +247,9 @@  static void usb_msd_command_complete(SCSIRequest *req, uint32_t status, size_t r
                the status read packet.  */
             usb_msd_send_status(s, p);
             s->mode = USB_MSDM_CBW;
+        } else if (s->mode == USB_MSDM_CSW) {
+            usb_msd_send_status(s, p);
+            s->mode = USB_MSDM_CBW;
         } else {
             if (s->data_len) {
                 int len = (p->iov.size - p->result);