diff options
author | Markus Armbruster <armbru@redhat.com> | 2014-01-29 18:47:39 +0100 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2014-02-22 10:02:23 +0100 |
commit | 7ef8cf9a0861b6f67f5e57428478c31bfd811651 (patch) | |
tree | dc837d92eb0d893fab0bebd6a402ed43f52bf186 /hw/scsi/scsi-bus.c | |
parent | 703dd81aca15ef1d91dba013b6b66c6e3ff88628 (diff) | |
download | qemu-7ef8cf9a0861b6f67f5e57428478c31bfd811651.tar.gz qemu-7ef8cf9a0861b6f67f5e57428478c31bfd811651.tar.bz2 qemu-7ef8cf9a0861b6f67f5e57428478c31bfd811651.zip |
scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b
The transfer length depends on field BYTCHK, which is encoded in byte
1, bits 1..2. However, the guard for for case BYTCHK=11b doesn't
work, and we get case 01b instead. Fix it.
Note that since emulated scsi-hd fails the command outright, it takes
SCSI passthrough of a device that actually implements VERIFY with
BYTCHK=11b to make the bug bite.
Screwed up in commit d12ad44. Spotted by Coverity.
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi/scsi-bus.c')
-rw-r--r-- | hw/scsi/scsi-bus.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index 054a7d407a..50a0acf1fe 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -909,7 +909,7 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) case VERIFY_16: if ((buf[1] & 2) == 0) { cmd->xfer = 0; - } else if ((buf[1] & 4) == 1) { + } else if ((buf[1] & 4) != 0) { cmd->xfer = 1; } cmd->xfer *= dev->blocksize; |