[PULL 13/13] usb/storage: clear csw on reset

Gerd Hoffmann <kraxel@xxxxxxxxxx> · Mon, 15 Mar 2021 19:02:40 +0100

Stale data in csw (specifically residue) can confuse the state machine
and allows the guest trigger an assert().  So clear csw on reset to
avoid this happening in case the guest resets the device in the middle
of a request.

Buglink: https://bugs.launchpad.net/qemu/+bug/1523811
Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
Reviewed-by: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
Message-Id: <20210312094954.796799-1-kraxel@xxxxxxxxxx>
---
 hw/usb/dev-storage.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 7b587ad051ff..dca62d544fe9 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -313,6 +313,7 @@ void usb_msd_handle_reset(USBDevice *dev)
         usb_msd_packet_complete(s);
     }
 
+    memset(&s->csw, 0, sizeof(s->csw));
     s->mode = USB_MSDM_CBW;
 }
 
-- 
2.29.2







