aboutsummaryrefslogtreecommitdiff
path: root/hw/usb/dev-storage.c
diff options
context:
space:
mode:
authorGerd Hoffmann <kraxel@redhat.com>2012-04-18 12:08:29 +0200
committerGerd Hoffmann <kraxel@redhat.com>2012-04-26 12:21:16 +0200
commit6d7aeeeb8985634a2015e804045a1ca52573ccc5 (patch)
tree37a839e19ab8af7dd3b7c7e4cd6dd6b49573ed99 /hw/usb/dev-storage.c
parent8a771f77e2abfb81f1f33a986810c16ecae54ca7 (diff)
downloadqemu-6d7aeeeb8985634a2015e804045a1ca52573ccc5.zip
qemu-6d7aeeeb8985634a2015e804045a1ca52573ccc5.tar.gz
qemu-6d7aeeeb8985634a2015e804045a1ca52573ccc5.tar.bz2
usb-storage: fix request canceling
Little fix for usb packet handling on i/o cancelation. The usb packet pointer (s->packet) is cleared at the wrong place: The scsi request cancel handler does it. When a usb packet is canceled the usb-storage emulation canceles the scsi request if present. In most cases there is one, so usually s->packet is cleared as needed even with the code sitting at the wrong place. If there is no scsi request in flight s->packet is not cleared though. The usb-storage emulation will then try to complete an usb packet which is not in flight any more and thereby trigger an assert() in the usb core. Fix this by clearing s->packet at the correct place, which is the usb packet cancel header. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/usb/dev-storage.c')
-rw-r--r--hw/usb/dev-storage.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index d865a5e..3d2f244 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -268,7 +268,6 @@ static void usb_msd_request_cancelled(SCSIRequest *req)
if (req == s->req) {
scsi_req_unref(s->req);
s->req = NULL;
- s->packet = NULL;
s->scsi_len = 0;
}
}
@@ -330,6 +329,9 @@ static void usb_msd_cancel_io(USBDevice *dev, USBPacket *p)
{
MSDState *s = DO_UPCAST(MSDState, dev, dev);
+ assert(s->packet == p);
+ s->packet = NULL;
+
if (s->req) {
scsi_req_cancel(s->req);
}