On 07.08.2012 12:59, Gerd Hoffmann wrote:
> Commit 59310659073d85745854f2f10c4292555c5a1c51 is incomplete,
> we'll arrive in the scsi command complete callback in CSW state
> and must handle that case correctly.

It appears to be 1.1-stable material, right? What's the outcome
of the issue -- guest-triggerable qemu crashing?

Thanks,

/mjt

> Signed-off-by: Gerd Hoffmann <kra...@redhat.com> > --- > hw/usb/dev-storage.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c > index 976fe1a..ff48d91 100644 > --- a/hw/usb/dev-storage.c > +++ b/hw/usb/dev-storage.c > @@ -247,6 +247,9 @@ static void usb_msd_command_complete(SCSIRequest *req, > uint32_t status, size_t r > the status read packet. */ > usb_msd_send_status(s, p); > s->mode = USB_MSDM_CBW; > + } else if (s->mode == USB_MSDM_CSW) { > + usb_msd_send_status(s, p); > + s->mode = USB_MSDM_CBW; > } else { > if (s->data_len) { > int len = (p->iov.size - p->result);
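
Review bot: the new `else if (s->mode == USB_MSDM_CSW)` branch in usb_msd_command_complete() carries no comment and repeats the two statements that close the branch directly above it (`usb_msd_send_status(s, p);` then `s->mode = USB_MSDM_CBW;`). Add a one-line comment saying when the SCSI completion callback is reached with the device already in CSW state, as the commit message does, or fold the CSW test into the preceding condition if that condition permits, so the status-send path exists in one place. The commit message also does not say what happens without this branch, which is the question raised in the reply above; a sentence on the observable failure would settle whether this belongs in 1.1-stable.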