scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b

The transfer length depends on field BYTCHK, which is encoded in byte 1, bits 1..2. However, the guard for for case BYTCHK=11b doesn't work, and we get case 01b instead. Fix it. Note that since emulated scsi-hd fails the command outright, it takes SCSI passthrough of a device that actually implements VERIFY with BYTCHK=11b to make the bug bite. Screwed up in commit d12ad44. Spotted by Coverity. Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 7ef8cf9a0861b6f67f5e57428478c31bfd811651) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
author: Markus Armbruster <armbru@redhat.com> 2014-01-29 18:47:39 +0100
committer: Michael Roth <mdroth@linux.vnet.ibm.com> 2014-06-25 11:00:29 -0500
commit: 8b8dd2c4b50abe5647de7c336496c253dc474d3b (patch)
tree: 4c45c676bb14d300947a17f371b14e19011eb2d7 /hw
parent: 248de52cf84185b3bafea8ba31333bd0d7a34893 (diff)
download: qemu-8b8dd2c4b50abe5647de7c336496c253dc474d3b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index b04438bae8..48286ef415 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -909,7 +909,7 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
     case VERIFY_16:
         if ((buf[1] & 2) == 0) {
             cmd->xfer = 0;
-        } else if ((buf[1] & 4) == 1) {
+        } else if ((buf[1] & 4) != 0) {
             cmd->xfer = 1;
         }
         cmd->xfer *= dev->blocksize;
author	Markus Armbruster <armbru@redhat.com>	2014-01-29 18:47:39 +0100
committer	Michael Roth <mdroth@linux.vnet.ibm.com>	2014-06-25 11:00:29 -0500
commit	8b8dd2c4b50abe5647de7c336496c253dc474d3b (patch)
tree	4c45c676bb14d300947a17f371b14e19011eb2d7 /hw
parent	248de52cf84185b3bafea8ba31333bd0d7a34893 (diff)
download	qemu-8b8dd2c4b50abe5647de7c336496c253dc474d3b.tar.gz