> Yep, so it appears that commit 89c0f6438d16 did introduce the bogus > 'double complete' in scsi_read_complete, which I think was intended to > handle residual counts for TYPE_TYPE... > > /* Cancel a pending data transfer. */ > @@ -251,6 +257,8 @@ static void scsi_read_complete(void * opaque, int ret) > > r->len = -1; > s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len); > + if (len == 0) > + scsi_command_complete(r, 0); > } > > I am currently under the assumption for this and bsg_read_complete that > s->completion(..., len) is handling the residual count back to block. > > Is this correct..?
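Review bot: the added `if (len == 0) scsi_command_complete(r, 0);` at the end of scsi_read_complete completes the request a second time for a zero-length transfer, because the `s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len)` call on the line just above has already handed the (zero) length to the upper layer, which is the path the quoted message expects to carry the residual count. A second completion after `r->len = -1` and after the completion callback has run means the request is finished twice, which the follow-up reply below reports as a qemu segfault with scsi-generic. Suggest dropping the two added lines; if a residual count really needs to be reported, it should travel through the existing completion callback rather than through an extra scsi_command_complete call.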
So I just debugged a crash where loading my vscsi driver kills qemu (segfault) after trying to complete a command twice with scsi-generic. Removing the above hunk fixes it. So this is a genuine fix that should be applied (asap even :-)

I still have an odd problem with scsi-disk.c where reading from an empty cdrom drive crashes it; I'll debug that later.

Cheers,
Ben.