|
| From: | Philippe Mathieu-Daudé |
| Subject: | Re: [PATCH for-6.2 1/2] esp: ensure that async_len is reset to 0 during esp_hard_reset() |
| Date: | Thu, 18 Nov 2021 12:30:12 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 |
On 11/18/21 11:03, Mark Cave-Ayland wrote: > If a reset command is sent after data has been transferred into the SCSI > buffer > ensure that async_len is reset to 0. Otherwise a subsequent TI command assumes > the SCSI buffer contains data to be transferred to the device causing it to > dereference the stale async_buf pointer. > > Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> > Fixes: https://gitlab.com/qemu-project/qemu/-/issues/724 > --- > hw/scsi/esp.c | 1 + > 1 file changed, 1 insertion(+) Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
| [Prev in Thread] | Current Thread | [Next in Thread] |