diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2020-07-16 18:50:51 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2020-07-16 18:50:51 +0100 |
| commit | 95d1fbabae0cd44156ac4b96d512d143ca7dfd5e (patch) | |
| tree | fc262e6b1549a834a864b27d4f6d0ea8264c898f | |
| parent | 175788d4eb91a840e9505d84ff2c6bedf4380143 (diff) | |
| parent | 4084e35068772cf4f81bbae5174019f277c61084 (diff) | |
| download | qemu-95d1fbabae0cd44156ac4b96d512d143ca7dfd5e.zip qemu-95d1fbabae0cd44156ac4b96d512d143ca7dfd5e.tar.gz qemu-95d1fbabae0cd44156ac4b96d512d143ca7dfd5e.tar.bz2 | |
Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20200716-pull-request' into staging
fixes: usb storage regression, vfio display ramfb bug
# gpg: Signature made Thu 16 Jul 2020 10:30:58 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/fixes-20200716-pull-request:
usb: fix storage regression
vfio: fix use-after-free in display
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | hw/usb/dev-storage.c | 3 | ||||
| -rw-r--r-- | hw/vfio/display.c | 1 |
2 files changed, 2 insertions, 2 deletions
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index 2ed6a8d..405a4cc 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -546,8 +546,7 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p) } } } - if (p->actual_length < p->iov.size && (p->short_not_ok || - s->scsi_len >= p->ep->max_packet_size)) { + if (p->actual_length < p->iov.size && s->mode == USB_MSDM_DATAIN) { DPRINTF("Deferring packet %p [wait data-in]\n", p); s->packet = p; p->status = USB_RET_ASYNC; diff --git a/hw/vfio/display.c b/hw/vfio/display.c index a57a226..3420541 100644 --- a/hw/vfio/display.c +++ b/hw/vfio/display.c @@ -405,6 +405,7 @@ static void vfio_display_region_update(void *opaque) if (!plane.drm_format || !plane.size) { if (dpy->ramfb) { ramfb_display_update(dpy->con, dpy->ramfb); + dpy->region.surface = NULL; } return; } |