usb/storage: clear csw on reset

Stale data in csw (specifically residue) can confuse the state machine
and allows the guest trigger an assert().  So clear csw on reset to
avoid this happening in case the guest resets the device in the middle
of a request.

Buglink: https://bugs.launchpad.net/qemu/+bug/1523811
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210312094954.796799-1-kraxel@redhat.com>

diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 7b587ad051ff095b6bed6850b4b20e95f1aa5491..dca62d544fe91022e9d81a6cd800bbb0a7919a31 100644 (file)
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -313,6 +313,7 @@ void usb_msd_handle_reset(USBDevice *dev)
         usb_msd_packet_complete(s);
     }
 
+    memset(&s->csw, 0, sizeof(s->csw));
     s->mode = USB_MSDM_CBW;
 }