From 44dd4196806ef015e7df3c671ca986b0b5ca0f73 Mon Sep 17 00:00:00 2001
From: Bandan <bsd@redhat.com>
Date: Fri, 7 Sep 2018 18:08:49 -0400
Subject: usb-mtp: fix error conditions for write operation

Return STORE_FULL if we can't write all the bytes but
return incomplete transfer if data received is less then
what was specified in the metadata. Also, use d->offset
as the file size which is valid for all file sizes.

Signed-off-by: Bandan <bsd@redhat.com>
Message-id: 20180907220851.9658-2-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/dev-mtp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'hw/usb/dev-mtp.c')

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 3fdc4b0da1..15edf3bb82 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1665,13 +1665,14 @@ static void usb_mtp_write_data(MTPState *s)
             goto success;
         }
 
-        rc = write_retry(d->fd, d->data, s->dataset.size);
-        if (!rc) {
+        rc = write_retry(d->fd, d->data, d->offset);
+        if (rc != d->offset) {
             usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
                                  0, 0, 0, 0);
             goto done;
             }
-        if (rc != s->dataset.size) {
+        /* Only for < 4G file sizes */
+        if (s->dataset.size != 0xFFFFFFFF && rc != s->dataset.size) {
             usb_mtp_queue_result(s, RES_INCOMPLETE_TRANSFER, d->trans,
                                  0, 0, 0, 0);
             goto done;
-- 
cgit 1.4.1


From f7c36a754c0a597e6c397e6e21e03798fc2eee69 Mon Sep 17 00:00:00 2001
From: Bandan Das <bsd@redhat.com>
Date: Fri, 7 Sep 2018 18:08:51 -0400
Subject: usb-mtp: reset ObjectInfo dataset size on cleanup

Stale values in this field may result in qemu
expecting more data on the next operation

Signed-off-by: Bandan Das <bsd@redhat.com>
Message-id: 20180907220851.9658-4-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/dev-mtp.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'hw/usb/dev-mtp.c')

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 15edf3bb82..00a3691bae 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1568,6 +1568,7 @@ static void usb_mtp_handle_control(USBDevice *dev, USBPacket *p,
             if (s->write_pending) {
                 g_free(s->dataset.filename);
                 s->write_pending = false;
+                s->dataset.size = 0;
             }
             usb_mtp_data_free(s->data_out);
             s->data_out = NULL;
@@ -1693,6 +1694,7 @@ done:
     }
 free:
     g_free(s->dataset.filename);
+    s->dataset.size = 0;
     g_free(path);
     s->write_pending = false;
 }
-- 
cgit 1.4.1