@@ -229,6 +229,9 @@ static void usb_msd_copy_data(MSDState *s, USBPacket *p)
usb_packet_copy(p, scsi_req_get_buf(s->req) + s->scsi_off, len);
s->scsi_len -= len;
s->scsi_off += len;
+ if (len > s->data_len) {
+ len = s->data_len;
+ }
s->data_len -= len;
if (s->scsi_len == 0 || s->data_len == 0) {
scsi_req_continue(s->req);
@@ -303,6 +306,9 @@ static void usb_msd_command_complete(SCSIRequest *req, uint32_t status, size_t r
if (s->data_len) {
int len = (p->iov.size - p->actual_length);
usb_packet_skip(p, len);
+ if (len > s->data_len) {
+ len = s->data_len;
+ }
s->data_len -= len;
}
if (s->data_len == 0) {
@@ -469,6 +475,9 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
int len = p->iov.size - p->actual_length;
if (len) {
usb_packet_skip(p, len);
+ if (len > s->data_len) {
+ len = s->data_len;
+ }
s->data_len -= len;
if (s->data_len == 0) {
s->mode = USB_MSDM_CSW;
@@ -528,13 +537,17 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
int len = p->iov.size - p->actual_length;
if (len) {
usb_packet_skip(p, len);
+ if (len > s->data_len) {
+ len = s->data_len;
+ }
s->data_len -= len;
if (s->data_len == 0) {
s->mode = USB_MSDM_CSW;
}
}
}
- if (p->actual_length < p->iov.size) {
+ if (p->actual_length < p->iov.size && (p->short_not_ok ||
+ s->scsi_len >= p->ep->max_packet_size)) {
DPRINTF("Deferring packet %p [wait data-in]\n", p);
s->packet = p;
p->status = USB_RET_ASYNC;