From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Sebastian Bauer, Gerd Hoffmann
Date: Tue, 3 Jul 2018 10:28:50 +0200
Message-Id: <20180703082851.17959-2-kraxel@redhat.com>
In-Reply-To: <20180703082851.17959-1-kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 1/2] ehci: Don't fetch a NULL current qtd but advance the queue instead.

From: Sebastian Bauer

Fetching qtd with the NULL address most likely makes no sense so from now on, we handle this case similarly as if the terminate (T) bit is not set, which is already an exception as according to section 3.6 of the EHCI spec there is no T bit defined for the current_qtd field.

The spec is a bit vague on how an EHCI driver should initialize these fields: "The general operational model is that the host controller can detect whether the overlay area contains a description of an active transfer" (p. 49). QEMU primarily uses the QTD_TOKEN_ACTIVE bit of the queue header to infer the activity state but there are other ways conceivable.

This change allows QEMU to boot further into AmigaOS. The publicly available version of the EHCI driver recycles queue heads in some rare conditions but only clears the current_qtd field but not the status field. This works with many available EHCI PCI cards but e.g., not with the Freescale USB controllers found on the P5040. On the emulated EHCI controller of QEMU the consequence is that some garbage was read in, which resulted in a reset of the controller. This change fixes the problem.

Signed-off-by: Sebastian Bauer
Tested-by: BALATON Zoltan
Message-id: 20180625222718.4488-1-mail@sebastianbauer.info
Signed-off-by: Gerd Hoffmann
--- hw/usb/hcd-ehci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 0134232627..e5acfc5ba5 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c 
@@ -1672,7 +1672,8 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci,= int async) ehci_set_state(ehci, async, EST_HORIZONTALQH); =20 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) && - (NLPTR_TBIT(q->qh.current_qtd) =3D=3D 0)) { + (NLPTR_TBIT(q->qh.current_qtd) =3D=3D 0) && + (q->qh.current_qtd !=3D 0)) { q->qtdaddr =3D q->qh.current_qtd; ehci_set_state(ehci, async, EST_FETCHQTD); =20 --=20 2.9.3

From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann
Date: Tue, 3 Jul 2018 10:28:51 +0200
Message-Id: <20180703082851.17959-3-kraxel@redhat.com>
In-Reply-To: <20180703082851.17959-1-kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 2/2] xhci: fix guest-triggerable assert

Set xhci into error state instead of throwing a core dump.

Signed-off-by: Gerd Hoffmann
Message-id: 20180702162752.29233-1-kraxel@redhat.com
--- hw/usb/hcd-xhci.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 721beb5486..8f1a01a405 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c 
@@ -1954,7 +1954,12 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, un= signed int streamid) for (i =3D 0; i < length; i++) { TRBType type; type =3D xhci_ring_fetch(xhci, ring, &xfer->trbs[i], NULL); - assert(type); + if (!type) { + xhci_die(xhci); + xhci_ep_free_xfer(xfer); + epctx->kick_active--; + return; + } } xfer->streamid =3D streamid; =20 --=20 2.9.3
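
Review bot: in the hcd-ehci.c hunk (ehci_state_fetchqh), the added condition `(q->qh.current_qtd != 0)` compares the whole field against zero, while the line above it tests only the T bit and the line below stores the raw value in `q->qtdaddr`. If the low bits of this field are not part of the address, a guest-written value with a zero address and some other low bit set would still pass both tests and reach EST_FETCHQTD, so when the intent is "never fetch from address 0" the comparison should be made on the address part of the field rather than on the full word. A short comment beside the new condition stating that a zero current_qtd is deliberately skipped, and that the spec defines no T bit for this field (as the commit message explains), would keep the check from being dropped later as redundant.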
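
Review bot: in the hcd-xhci.c hunk (xhci_kick_epctx), the new early return inside the `for` loop does its cleanup by hand (`xhci_ep_free_xfer(xfer);` followed by `epctx->kick_active--;`), and that pair has to stay in step with whatever the function does on its regular exit. A shared exit label, or at least a comment saying what these two lines undo, would make that dependency visible to the next person who touches the function. Because the subject describes this path as guest-triggerable, a comment or trace point ahead of `xhci_die(xhci);` noting that the ring fetch returned no TRB type would also make the resulting controller error state diagnosable now that the assert and its core dump are gone.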