From nobody Sat May 4 05:04:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1566456903; cv=none; d=zoho.com; s=zohoarc; b=huMckJ6CyNpGP1PP9X7zbVDua9wTKzzYdU+wKTdPl68CjqP4IvKiD1C/rjZGU5E3HIIp2k1Ke08FxGsb2i9Fv2LEfOHjQB7ttPs9rcwb4SppvMCK9RHXkpxilqTZEKg+QZG4TFZuN2xEGKt21g5yV6dg2+AawdV7K25H0zlP8hs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566456903; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=lNWO+hHTwKhHobrDprXgyPnVuDbBFPWyhBPIhpf5ovw=; b=f9l+TtECij+8T34rIr5YHSjhLR+DnaSmIJbVD+NtZj2kvEU+Jda7ov0mvOPa35au3askcySkUwXqpEyzRmgDv6iooMXgKvifY0W+jhhY5fiPqB8JINd93J4ZKU8dZyeYOtHyd0RrOTrHfSt3fLjTNR1ecPqYgySLm7INgkmh5uE= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1566456903415882.2124574868436; Wed, 21 Aug 2019 23:55:03 -0700 (PDT) Received: from localhost ([::1]:38640 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0gzu-0000xI-0I for importer@patchew.org; Thu, 22 Aug 2019 02:55:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38983) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0gxp-0007Jf-Fl for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i0gxl-0004gX-1D for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:53 -0400 Received: from mx1.redhat.com ([209.132.183.28]:38084) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i0gxk-0004el-O8 for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:48 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 06C371801591 for ; Thu, 22 Aug 2019 06:52:48 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-116-60.ams2.redhat.com [10.36.116.60]) by smtp.corp.redhat.com (Postfix) with ESMTP id 38D145D713; Thu, 22 Aug 2019 06:52:43 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 776C197A1; Thu, 22 Aug 2019 08:52:42 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Date: Thu, 22 Aug 2019 08:52:38 +0200 Message-Id: <20190822065242.12496-2-kraxel@redhat.com> In-Reply-To: <20190822065242.12496-1-kraxel@redhat.com> References: <20190822065242.12496-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.63]); Thu, 22 Aug 2019 06:52:48 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 1/5] usbredir: fix buffer-overflow on vmload X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Gerd Hoffmann Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" From: Marc-Andr=C3=A9 Lureau If interface_count is NO_INTERFACE_INFO, let's not access the arrays out-of-bounds. =3D=3D994=3D=3DERROR: AddressSanitizer: heap-buffer-overflow on address 0x6= 25000243930 at pc 0x5642068086a8 bp 0x7f0b6f9ffa50 sp 0x7f0b6f9ffa40 READ of size 1 at 0x625000243930 thread T0 #0 0x5642068086a7 in usbredir_check_bulk_receiving /home/elmarco/src/qe= mu/hw/usb/redirect.c:1503 #1 0x56420681301c in usbredir_post_load /home/elmarco/src/qemu/hw/usb/r= edirect.c:2154 #2 0x5642068a56c2 in vmstate_load_state /home/elmarco/src/qemu/migratio= n/vmstate.c:168 #3 0x56420688e2ac in vmstate_load /home/elmarco/src/qemu/migration/save= vm.c:829 #4 0x5642068980cb in qemu_loadvm_section_start_full /home/elmarco/src/q= emu/migration/savevm.c:2211 #5 0x564206899645 in qemu_loadvm_state_main /home/elmarco/src/qemu/migr= ation/savevm.c:2395 #6 0x5642068998cf in qemu_loadvm_state /home/elmarco/src/qemu/migration= /savevm.c:2467 #7 0x56420685f3e9 in process_incoming_migration_co /home/elmarco/src/qe= mu/migration/migration.c:449 #8 0x564207106c47 in coroutine_trampoline /home/elmarco/src/qemu/util/c= oroutine-ucontext.c:115 #9 0x7f0c0604e37f (/lib64/libc.so.6+0x4d37f) Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Liam Merwick Reviewed-by: Li Qiang Reviewed-by: Philippe Mathieu-Daud=C3=A9 Message-id: 20190807084048.4258-1-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann --- hw/usb/redirect.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index fc9fe0c00f4c..be15b9f30334 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -1499,6 +1499,11 @@ static void usbredir_check_bulk_receiving(USBRedirDe= vice *dev) for (i =3D EP2I(USB_DIR_IN); i < MAX_ENDPOINTS; i++) { dev->endpoint[i].bulk_receiving_enabled =3D 0; } + + if (dev->interface_info.interface_count =3D=3D NO_INTERFACE_INFO) { + return; + } + for (i =3D 0; i < dev->interface_info.interface_count; i++) { quirks =3D usb_get_quirks(dev->device_info.vendor_id, dev->device_info.product_id, --=20 2.18.1 From nobody Sat May 4 05:04:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1566457121; cv=none; d=zoho.com; s=zohoarc; b=MqjxFuVN08uROMnVR0PCeqKm4jdq2EOYCAPdlP/9nZx208d2uVw11cwpbq0RLIZaNwWo/nn9ruL3vFrhC8zDhWm/rst3eSbAsS/mldb4c00SGeoGIRnkwmAEi4Sjymlpjqedwg3hx+vPUcKe+cbw6DSLzxaww9/oC1lCyfniaPk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566457121; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=ogQI8uaKKpXiIGZWpbutgod0QH9RKs+W/DsPlI1uHZk=; b=ocwljcsWGH6oVJHHGfUKNF+GfCfpl2MyjxpwYO0YYCBlwHc+d2BDZs1nKQHhq7OMc0nI7Ta3H1M2drbsGNlZXp9+JjsNyiYArTdk/uFo+dtQR+S1pqX3YPRZ+x+RQVNgUb6Vzf2addGmzRLbWjbK9jutWlb/jf5yndo9CM8E93M= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1566457121605710.0280151158344; Wed, 21 Aug 2019 23:58:41 -0700 (PDT) Received: from localhost ([::1]:38654 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0h3L-0004US-SY for importer@patchew.org; Thu, 22 Aug 2019 02:58:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38961) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0gxn-0007Ik-Ei for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i0gxj-0004dN-Hy for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:49 -0400 Received: from mx1.redhat.com ([209.132.183.28]:53610) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i0gxj-0004am-5A for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:47 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 01826308427C; Thu, 22 Aug 2019 06:52:46 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-116-60.ams2.redhat.com [10.36.116.60]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3AECA10018F9; Thu, 22 Aug 2019 06:52:43 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 7FCE593C9; Thu, 22 Aug 2019 08:52:42 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Date: Thu, 22 Aug 2019 08:52:39 +0200 Message-Id: <20190822065242.12496-3-kraxel@redhat.com> In-Reply-To: <20190822065242.12496-1-kraxel@redhat.com> References: <20190822065242.12496-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Thu, 22 Aug 2019 06:52:46 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 2/5] usb-redir: merge interrupt packets X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Gerd Hoffmann , Martin Cerveny Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Martin Cerveny Interrupt packets (limited by wMaxPacketSize) should be buffered and merged by algorithm described in USB spec. (see usb_20.pdf/5.7.3 Interrupt Transfer Packet Size Constraints). Signed-off-by: Martin Cerveny Message-id: 20190724125859.14624-2-M.Cerveny@computer.org Signed-off-by: Gerd Hoffmann --- hw/usb/redirect.c | 71 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 22 deletions(-) diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index be15b9f30334..e0f5ca6f818b 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -819,8 +819,8 @@ static void usbredir_handle_interrupt_in_data(USBRedirD= evice *dev, USBPacket *p, uint8_t ep) { /* Input interrupt endpoint, buffered packet input */ - struct buf_packet *intp; - int status, len; + struct buf_packet *intp, *intp_to_free; + int status, len, sum; =20 if (!dev->endpoint[EP2I(ep)].interrupt_started && !dev->endpoint[EP2I(ep)].interrupt_error) { @@ -839,9 +839,17 @@ static void usbredir_handle_interrupt_in_data(USBRedir= Device *dev, dev->endpoint[EP2I(ep)].bufpq_dropping_packets =3D 0; } =20 - intp =3D QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq); + /* check for completed interrupt message (with all fragments) */ + sum =3D 0; + QTAILQ_FOREACH(intp, &dev->endpoint[EP2I(ep)].bufpq, next) { + sum +=3D intp->len; + if (intp->len < dev->endpoint[EP2I(ep)].max_packet_size || + sum >=3D p->iov.size) + break; + } + if (intp =3D=3D NULL) { - DPRINTF2("interrupt-token-in ep %02X, no intp\n", ep); + DPRINTF2("interrupt-token-in ep %02X, no intp, buffered %d\n", ep,= sum); /* Check interrupt_error for stream errors */ status =3D dev->endpoint[EP2I(ep)].interrupt_error; dev->endpoint[EP2I(ep)].interrupt_error =3D 0; @@ -852,18 +860,42 @@ static void usbredir_handle_interrupt_in_data(USBRedi= rDevice *dev, } return; } - DPRINTF("interrupt-token-in ep %02X status %d len %d\n", ep, - intp->status, intp->len); - - status =3D intp->status; - len =3D intp->len; - if (len > p->iov.size) { - ERROR("received int data is larger then packet ep %02X\n", ep); - len =3D p->iov.size; - status =3D usb_redir_babble; + + /* copy of completed interrupt message */ + sum =3D 0; + status =3D usb_redir_success; + intp_to_free =3D NULL; + QTAILQ_FOREACH(intp, &dev->endpoint[EP2I(ep)].bufpq, next) { + if (intp_to_free) { + bufp_free(dev, intp_to_free, ep); + } + DPRINTF("interrupt-token-in ep %02X fragment status %d len %d\n", = ep, + intp->status, intp->len); + + sum +=3D intp->len; + len =3D intp->len; + if (status =3D=3D usb_redir_success) { + status =3D intp->status; + } + if (sum > p->iov.size) { + ERROR("received int data is larger then packet ep %02X\n", ep); + len -=3D (sum - p->iov.size); + sum =3D p->iov.size; + status =3D usb_redir_babble; + } + + usb_packet_copy(p, intp->data, len); + + intp_to_free =3D intp; + if (intp->len < dev->endpoint[EP2I(ep)].max_packet_size || + sum >=3D p->iov.size) + break; + } + if (intp_to_free) { + bufp_free(dev, intp_to_free, ep); } - usb_packet_copy(p, intp->data, len); - bufp_free(dev, intp, ep); + DPRINTF("interrupt-token-in ep %02X summary status %d len %d\n", ep, + status, sum); usbredir_handle_status(dev, p, status); } =20 @@ -2041,22 +2073,17 @@ static void usbredir_interrupt_packet(void *priv, u= int64_t id, } =20 if (ep & USB_DIR_IN) { - bool q_was_empty; - if (dev->endpoint[EP2I(ep)].interrupt_started =3D=3D 0) { DPRINTF("received int packet while not started ep %02X\n", ep); free(data); return; } =20 - q_was_empty =3D QTAILQ_EMPTY(&dev->endpoint[EP2I(ep)].bufpq); - /* bufp_alloc also adds the packet to the ep queue */ bufp_alloc(dev, data, data_len, interrupt_packet->status, ep, data= ); =20 - if (q_was_empty) { - usb_wakeup(usb_ep_get(&dev->dev, USB_TOKEN_IN, ep & 0x0f), 0); - } + /* insufficient data solved with USB_RET_NAK */ + usb_wakeup(usb_ep_get(&dev->dev, USB_TOKEN_IN, ep & 0x0f), 0); } else { /* * We report output interrupt packets as completed directly upon --=20 2.18.1 From nobody Sat May 4 05:04:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1566456904; cv=none; d=zoho.com; s=zohoarc; b=fKhLjE4Nkjh3hxeYl3vkc9XwBffXw+2c71BEkl3+NbeHrRIhe/pFw+6Mlbti0dj/ryvjCwvqPpQ2XvW7ySv8jkPy1FMzgU4Qo54zWQaWOnf9EoRRBP8sAd0E5cu7uH5zg6RgWJnnk/eR082FzY2e2ixyY8yM/73DSrLBZroyLvQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566456904; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=DRmefdqYLV7nGKViqO9k3dNVdkO592s6xrdiW+9lbdU=; b=GkC/p1+oRJktx8YffheOpGWxFEbxHa1wKAEbSlyCK/Buh+hc9KQG2eCwJD6+S/TR4wAM5tw53ZSBmliSb/PePLcc2UCnHDWuPVWqmn8gyEHQoijfHZDA22Xo8C9d8SwtUXiDzoippHhjJJ0YAPHYTNFdqo+/8pg8D9NLl+SI/lA= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1566456904257129.73631500423596; Wed, 21 Aug 2019 23:55:04 -0700 (PDT) Received: from localhost ([::1]:38636 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0gzu-0000rh-RU for importer@patchew.org; Thu, 22 Aug 2019 02:55:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38941) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0gxk-0007If-GL for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i0gxj-0004cr-AF for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:48 -0400 Received: from mx1.redhat.com ([209.132.183.28]:36990) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i0gxj-0004aC-3v for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:47 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A67698980F2; Thu, 22 Aug 2019 06:52:45 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-116-60.ams2.redhat.com [10.36.116.60]) by smtp.corp.redhat.com (Postfix) with ESMTP id 346EF5C205; Thu, 22 Aug 2019 06:52:43 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 87D8993E3; Thu, 22 Aug 2019 08:52:42 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Date: Thu, 22 Aug 2019 08:52:40 +0200 Message-Id: <20190822065242.12496-4-kraxel@redhat.com> In-Reply-To: <20190822065242.12496-1-kraxel@redhat.com> References: <20190822065242.12496-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.67]); Thu, 22 Aug 2019 06:52:45 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 3/5] xhci: Add No Op Command X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hikaru Nishida , Gerd Hoffmann Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Hikaru Nishida This commit adds No Op Command (23) to xHC for verifying the operation of the Command Ring mechanisms. No Op Command is defined in XHCI spec (4.6.2) and just reports Command Completion Event with Completion Code =3D=3D Success. Before this commit, No Op Command is not implemented so xHC reports Command Completion Event with Completion Code =3D=3D TRB Error. This commit fixes this behaviour to report Completion Code correctly. Signed-off-by: Hikaru Nishida Message-id: 20190720060427.50457-1-hikarupsp@gmail.com Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-xhci.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index f698224c8a06..f5782649482b 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -2543,6 +2543,9 @@ static void xhci_process_commands(XHCIState *xhci) case CR_GET_PORT_BANDWIDTH: event.ccode =3D xhci_get_port_bandwidth(xhci, trb.parameter); break; + case CR_NOOP: + event.ccode =3D CC_SUCCESS; + break; case CR_VENDOR_NEC_FIRMWARE_REVISION: if (xhci->nec_quirks) { event.type =3D 48; /* NEC reply */ --=20 2.18.1 From nobody Sat May 4 05:04:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1566457120; cv=none; d=zoho.com; s=zohoarc; b=G3HzLVa0m3uFkvnUYukxNbUyYLvh+Bl7OVEp83JrUis/503h+E4JfGSwPqHiragrYP00KsMpouCBkOPh0QvGaYJbR6o/5WgB+tF5n22V+VND+6fS/L1g+sNuluZRigfgALnveOluIvO1WE/5/pmCevy5x7DlcXVJEXxYXkrd69w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566457120; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=Ppo+SHGYpOwntDNcXnmDEkJuYhi2TkHXgYDTJG/KH2Q=; b=kTazLaYuh0/0wjTa6Kwld8REsFVxADX0Y/p0NDsw+e1D5NHQRiWCvvYA6jfqIVCYF5LtIDQXDzR1DMGb1jCprSjtEsDroiU16ZOk29IYBPADk4ib55IykgH7Q3br+z0m5e0N4aRH+bnpPGpsLncDe0ySJ9Ury/zUiaz7e2dYXjI= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1566457120013494.1074101268074; Wed, 21 Aug 2019 23:58:40 -0700 (PDT) Received: from localhost ([::1]:38656 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0h3M-0004Z8-Jw for importer@patchew.org; Thu, 22 Aug 2019 02:58:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38988) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0gxr-0007LP-87 for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i0gxn-0004jl-N3 for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:53 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52412) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i0gxn-0004fq-Cf for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:51 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 90D6D106BB25 for ; Thu, 22 Aug 2019 06:52:48 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-116-60.ams2.redhat.com [10.36.116.60]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3C3D3600CD; Thu, 22 Aug 2019 06:52:43 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 8FDD2934B; Thu, 22 Aug 2019 08:52:42 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Date: Thu, 22 Aug 2019 08:52:41 +0200 Message-Id: <20190822065242.12496-5-kraxel@redhat.com> In-Reply-To: <20190822065242.12496-1-kraxel@redhat.com> References: <20190822065242.12496-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.64]); Thu, 22 Aug 2019 06:52:48 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 4/5] usb: reword -usb command-line option and mention xHCI X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Gerd Hoffmann , Stefan Hajnoczi Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Stefan Hajnoczi The -usb section of the man page is not very clear on what exactly -usb does and fails to mention xHCI as a modern alternative (-device nec-usb-xhci). Signed-off-by: Stefan Hajnoczi Reviewed-by: Thomas Huth Message-id: 20190815141428.29080-1-stefanha@redhat.com Signed-off-by: Gerd Hoffmann --- qemu-options.hx | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qemu-options.hx b/qemu-options.hx index 9621e934c0bf..1fb362f06faa 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1436,12 +1436,15 @@ STEXI ETEXI =20 DEF("usb", 0, QEMU_OPTION_usb, - "-usb enable the USB driver (if it is not used by default y= et)\n", + "-usb enable on-board USB host controller (if not enabled b= y default)\n", QEMU_ARCH_ALL) STEXI @item -usb @findex -usb -Enable the USB driver (if it is not used by default yet). +Enable USB emulation on machine types with an on-board USB host controller= (if +not enabled by default). Note that on-board USB host controllers may not +support USB 3.0. In this case @option{-device qemu-xhci} can be used inst= ead +on machines with PCI. ETEXI =20 DEF("usbdevice", HAS_ARG, QEMU_OPTION_usbdevice, --=20 2.18.1 From nobody Sat May 4 05:04:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1566457126; cv=none; d=zoho.com; s=zohoarc; b=MV7urphbaBArnAhXplORRqBjQD6BM5Rtl4eDd/wTelJi+W0VS7w3qhLZEqbwOFXQRdwAjMCfILXa2aZdKWBWcvuyyhXMiwtBA7Pi76jNTAc22vX/ARlexfkANisy3mwDDA2rUiKhz/Oykl9qkB1RufsTEqtBy4uKIfdpr9g49C4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566457126; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=GkiDY6dVuaBzuVwOKUG9W4ATidMbcbuElEqLWpma8vk=; b=aNKiqJ2AyCZiSba6BU+WkWhwjYGRLNaHLsm3mFWnP27bjfM5wPbphWSV0EUKPutAE9op2kfCNMSt+2z1pyv51KRnRJFDWWFirXiIfQS4y9tu0Hc0ndadkltCkBasZ3R1P/KWXtBDSoRS9s5oCS95dsc5jIgG+i2vPdOKzmDr66s= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1566457126096625.66030519946; Wed, 21 Aug 2019 23:58:46 -0700 (PDT) Received: from localhost ([::1]:38658 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0h3P-0004c1-FQ for importer@patchew.org; Thu, 22 Aug 2019 02:58:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38946) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i0gxk-0007Ig-U5 for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i0gxj-0004dr-Nt for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:48 -0400 Received: from mx1.redhat.com ([209.132.183.28]:35990) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i0gxj-0004bx-Eo for qemu-devel@nongnu.org; Thu, 22 Aug 2019 02:52:47 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A676830832C8 for ; Thu, 22 Aug 2019 06:52:46 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-116-60.ams2.redhat.com [10.36.116.60]) by smtp.corp.redhat.com (Postfix) with ESMTP id 67B6D60126; Thu, 22 Aug 2019 06:52:46 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 97DD4935A; Thu, 22 Aug 2019 08:52:42 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Date: Thu, 22 Aug 2019 08:52:42 +0200 Message-Id: <20190822065242.12496-6-kraxel@redhat.com> In-Reply-To: <20190822065242.12496-1-kraxel@redhat.com> References: <20190822065242.12496-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Thu, 22 Aug 2019 06:52:46 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 5/5] ehci: fix queue->dev null ptr dereference X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Gerd Hoffmann Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" In case we don't have a device for an active queue, just skip processing the queue (same we do for inactive queues) and log a guest bug. Reported-by: Guenter Roeck Signed-off-by: Gerd Hoffmann Tested-by: Guenter Roeck Message-id: 20190821085319.13711-1-kraxel@redhat.com --- hw/usb/hcd-ehci.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 9ca7b87a8001..56ab2f457f4c 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -1838,6 +1838,9 @@ static int ehci_state_fetchqtd(EHCIQueue *q) ehci_set_state(q->ehci, q->async, EST_EXECUTING); break; } + } else if (q->dev =3D=3D NULL) { + ehci_trace_guest_bug(q->ehci, "no device attached to queue"); + ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); } else { p =3D ehci_alloc_packet(q); p->qtdaddr =3D q->qtdaddr; --=20 2.18.1