From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Subject: [PULL 1/3] usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)
Date: Fri, 16 Oct 2020 07:24:33 +0200
Message-Id: <20201016052435.26180-2-kraxel@redhat.com>
In-Reply-To: <20201016052435.26180-1-kraxel@redhat.com>
References: <20201016052435.26180-1-kraxel@redhat.com>
Cc: Peter Maydell, Gerd Hoffmann, Paul Zimmerman

From: Paul Zimmerman Change several assert()s to qemu_log_mask(LOG_GUEST_ERROR...), to prevent the guest from causing Qemu to assert. Also fix up several existing qemu_log_mask()s to include the function name in the message. Suggested-by: Peter Maydell Signed-off-by: Paul Zimmerman Message-id: 20200920021449.830-1-pauldzim@gmail.com Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-dwc2.c | 100 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 81 insertions(+), 19 deletions(-) diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 97688d21bf0f..64c23c1ed084 100644 --- a/hw/usb/hcd-dwc2.c +++ b/hw/usb/hcd-dwc2.c @@ -238,7 +238,12 @@ static void dwc2_handle_packet(DWC2State *s, uint32_t = devadr, USBDevice *dev, pid =3D get_field(hctsiz, TSIZ_SC_MC_PID); pcnt =3D get_field(hctsiz, TSIZ_PKTCNT); len =3D get_field(hctsiz, TSIZ_XFERSIZE); - assert(len <=3D DWC2_MAX_XFER_SIZE); + if (len > DWC2_MAX_XFER_SIZE) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: HCTSIZ transfer size too large\n", __func__); + return; + } + chan =3D index >> 3; p =3D &s->packet[chan]; =20 @@ -663,7 +668,12 @@ static uint64_t dwc2_glbreg_read(void *ptr, hwaddr add= r, int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr <=3D GINTSTS2); + if (addr > GINTSTS2) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->glbreg[index]; =20 switch (addr) { @@ -690,7 +700,12 @@ static void dwc2_glbreg_write(void *ptr, hwaddr addr, = int index, uint64_t val, uint32_t old; int iflg =3D 0; =20 - assert(addr <=3D GINTSTS2); + if (addr > GINTSTS2) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->glbreg[index]; old =3D *mmio; =20 
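Review bot: In dwc2_glbreg_read() and dwc2_glbreg_write() the new range check tests addr, but the access that follows is s->glbreg[index], and nothing in these hunks bounds index itself. If index is always derived from addr by the caller, a one-line comment saying so (or a check of index against the array size) would make it obvious that the guest cannot reach past glbreg[] on the path that used to assert. The same applies to the len check in dwc2_handle_packet(): it returns before chan and p are computed, so it is worth stating in the commit message what the guest observes for the dropped transfer.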
@@ -715,27 +730,34 @@ static void dwc2_glbreg_write(void *ptr, hwaddr addr,= int index, uint64_t val, val &=3D ~GRSTCTL_DMAREQ; if (!(old & GRSTCTL_TXFFLSH) && (val & GRSTCTL_TXFFLSH)) { /* TODO - TX fifo flush */ - qemu_log_mask(LOG_UNIMP, "Tx FIFO flush not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Tx FIFO flush not implemented\n", + __func__); } if (!(old & GRSTCTL_RXFFLSH) && (val & GRSTCTL_RXFFLSH)) { /* TODO - RX fifo flush */ - qemu_log_mask(LOG_UNIMP, "Rx FIFO flush not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Rx FIFO flush not implemented\n", + __func__); } if (!(old & GRSTCTL_IN_TKNQ_FLSH) && (val & GRSTCTL_IN_TKNQ_FLSH))= { /* TODO - device IN token queue flush */ - qemu_log_mask(LOG_UNIMP, "Token queue flush not implemented\n"= ); + qemu_log_mask(LOG_UNIMP, "%s: Token queue flush not implemente= d\n", + __func__); } if (!(old & GRSTCTL_FRMCNTRRST) && (val & GRSTCTL_FRMCNTRRST)) { /* TODO - host frame counter reset */ - qemu_log_mask(LOG_UNIMP, "Frame counter reset not implemented\= n"); + qemu_log_mask(LOG_UNIMP, + "%s: Frame counter reset not implemented\n", + __func__); } if (!(old & GRSTCTL_HSFTRST) && (val & GRSTCTL_HSFTRST)) { /* TODO - host soft reset */ - qemu_log_mask(LOG_UNIMP, "Host soft reset not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Host soft reset not implemented\= n", + __func__); } if (!(old & GRSTCTL_CSFTRST) && (val & GRSTCTL_CSFTRST)) { /* TODO - core soft reset */ - qemu_log_mask(LOG_UNIMP, "Core soft reset not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Core soft reset not implemented\= n", + __func__); } /* don't allow clearing of self-clearing bits */ val |=3D old & (GRSTCTL_TXFFLSH | GRSTCTL_RXFFLSH | 
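Review bot: The GRSTCTL logging changes in this hunk would be easier to review and bisect as their own patch, since they only add a __func__ prefix to existing LOG_UNIMP messages and have nothing to do with the guest-triggerable assert()s. Within the hunk, the "Frame counter reset" call is wrapped onto three lines while its neighbours use two; one layout for all six calls would read better.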
@@ -774,7 +796,12 @@ static uint64_t dwc2_fszreg_read(void *ptr, hwaddr add= r, int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr =3D=3D HPTXFSIZ); + if (addr !=3D HPTXFSIZ) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->fszreg[index]; =20 trace_usb_dwc2_fszreg_read(addr, val); @@ -789,7 +816,12 @@ static void dwc2_fszreg_write(void *ptr, hwaddr addr, = int index, uint64_t val, uint32_t *mmio; uint32_t old; =20 - assert(addr =3D=3D HPTXFSIZ); + if (addr !=3D HPTXFSIZ) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->fszreg[index]; old =3D *mmio; =20 @@ -810,7 +842,12 @@ static uint64_t dwc2_hreg0_read(void *ptr, hwaddr addr= , int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr >=3D HCFG && addr <=3D HPRT0); + if (addr < HCFG || addr > HPRT0) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->hreg0[index]; =20 switch (addr) { @@ -837,7 +874,12 @@ static void dwc2_hreg0_write(void *ptr, hwaddr addr, i= nt index, uint64_t val, int prst =3D 0; int iflg =3D 0; =20 - assert(addr >=3D HCFG && addr <=3D HPRT0); + if (addr < HCFG || addr > HPRT0) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->hreg0[index]; old =3D *mmio; =20 @@ -923,7 +965,12 @@ static uint64_t dwc2_hreg1_read(void *ptr, hwaddr addr= , int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr >=3D HCCHAR(0) && addr <=3D HCDMAB(DWC2_NB_CHAN - 1)); + if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->hreg1[index]; =20 trace_usb_dwc2_hreg1_read(addr, hreg1nm[index & 7], addr >> 5, val); 
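Review bot: The same "log Bad offset and return" block is now repeated in each fszreg, hreg0 and hreg1 accessor here (and again in the glbreg and pcgreg ones), differing only in the range test and the return value. A small helper or macro taking the bounds would keep the ten copies from drifting apart. Note also that in dwc2_fszreg_read() and dwc2_hreg1_read() the rejected path returns before the trace_usb_dwc2_*() call, so a bad offset is visible only under LOG_GUEST_ERROR and not in the trace; if that is intended, a word in the commit message would help.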
@@ -941,7 +988,12 @@ static void dwc2_hreg1_write(void *ptr, hwaddr addr, i= nt index, uint64_t val, int enflg =3D 0; int disflg =3D 0; =20 - assert(addr >=3D HCCHAR(0) && addr <=3D HCDMAB(DWC2_NB_CHAN - 1)); + if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->hreg1[index]; old =3D *mmio; =20 @@ -1008,7 +1060,12 @@ static uint64_t dwc2_pcgreg_read(void *ptr, hwaddr a= ddr, int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr >=3D PCGCTL && addr <=3D PCGCCTL1); + if (addr < PCGCTL || addr > PCGCCTL1) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->pcgreg[index]; =20 trace_usb_dwc2_pcgreg_read(addr, pcgregnm[index], val); @@ -1023,7 +1080,12 @@ static void dwc2_pcgreg_write(void *ptr, hwaddr addr= , int index, uint32_t *mmio; uint32_t old; =20 - assert(addr >=3D PCGCTL && addr <=3D PCGCCTL1); + if (addr < PCGCTL || addr > PCGCCTL1) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->pcgreg[index]; old =3D *mmio; =20 @@ -1108,7 +1170,7 @@ static uint64_t dwc2_hreg2_read(void *ptr, hwaddr add= r, unsigned size) { /* TODO - implement FIFOs to support slave mode */ trace_usb_dwc2_hreg2_read(addr, addr >> 12, 0); - qemu_log_mask(LOG_UNIMP, "FIFO read not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: FIFO read not implemented\n", __func__); return 0; } =20 
@@ -1119,7 +1181,7 @@ static void dwc2_hreg2_write(void *ptr, hwaddr addr, = uint64_t val, =20 /* TODO - implement FIFOs to support slave mode */ trace_usb_dwc2_hreg2_write(addr, addr >> 12, orig, 0, val); - qemu_log_mask(LOG_UNIMP, "FIFO write not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: FIFO write not implemented\n", __func__); } =20 static const MemoryRegionOps dwc2_mmio_hreg2_ops =3D { --=20 2.27.0

From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Subject: [PULL 2/3] usb/hcd-ehci: Fix error handling on missing device for iTD
Date: Fri, 16 Oct 2020 07:24:34 +0200
Message-Id: <20201016052435.26180-3-kraxel@redhat.com>
In-Reply-To: <20201016052435.26180-1-kraxel@redhat.com>
References: <20201016052435.26180-1-kraxel@redhat.com>
Cc: Anthony PERARD, Gerd Hoffmann

From: Anthony PERARD via

The EHCI Host Controller emulation attempts to locate the device associated with a periodic isochronous transfer description (iTD) and when this fails the host controller is reset.

But according to the EHCI spec 1.0 section 5.15.2.4 Host System Error, the host controller is supposed to reset itself only when it failed to communicate with the Host (Operating System), like when there's an error on the PCI bus. If a transaction fails, there's nothing in the spec that says to reset the host controller.

This patch reworks the error path so that the host controller can keep working when the OS sets up a bogus transaction; it also reverts to the behavior of the EHCI emulation before commits:
e94682f1fe ("ehci: check device is not NULL before calling usb_ep_get()")
7011baece2 ("usb: remove unnecessary NULL device check from usb_ep_get()")

The issue has been found while trying to pass through a USB device to a Windows Server 2012 Xen guest via "usb-ehci", which prevents the USB device from working in Windows. ("usb-ehci" alone works; Windows only sets up this weird periodic iTD to device 127 endpoint 15 when the USB device is passed through.)

Signed-off-by: Anthony PERARD
Message-id: 20201014104106.2962640-1-anthony.perard@citrix.com
Signed-off-by: Gerd Hoffmann
--- hw/usb/hcd-ehci.c | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 2b995443fbfd..ae7f20c502ac 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c
@@ -1447,24 +1447,25 @@ static int ehci_process_itd(EHCIState *ehci, dev =3D ehci_find_device(ehci, devaddr); if (dev =3D=3D NULL) { ehci_trace_guest_bug(ehci, "no device found"); - qemu_sglist_destroy(&ehci->isgl); - return -1; - } - pid =3D dir ? USB_TOKEN_IN : USB_TOKEN_OUT; - ep =3D usb_ep_get(dev, pid, endp); - if (ep && ep->type =3D=3D USB_ENDPOINT_XFER_ISOC) { - usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false, - (itd->transact[i] & ITD_XACT_IOC) !=3D 0); - if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) { - qemu_sglist_destroy(&ehci->isgl); - return -1; - } - usb_handle_packet(dev, &ehci->ipacket); - usb_packet_unmap(&ehci->ipacket, &ehci->isgl); - } else { - DPRINTF("ISOCH: attempt to addess non-iso endpoint\n"); - ehci->ipacket.status =3D USB_RET_NAK; + ehci->ipacket.status =3D USB_RET_NODEV; ehci->ipacket.actual_length =3D 0; + } else { + pid =3D dir ? USB_TOKEN_IN : USB_TOKEN_OUT; + ep =3D usb_ep_get(dev, pid, endp); + if (ep && ep->type =3D=3D USB_ENDPOINT_XFER_ISOC) { + usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, fal= se, + (itd->transact[i] & ITD_XACT_IOC) != =3D 0); + if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) { + qemu_sglist_destroy(&ehci->isgl); + return -1; + } + usb_handle_packet(dev, &ehci->ipacket); + usb_packet_unmap(&ehci->ipacket, &ehci->isgl); + } else { + DPRINTF("ISOCH: attempt to addess non-iso endpoint\n"); + ehci->ipacket.status =3D USB_RET_NAK; + ehci->ipacket.actual_length =3D 0; + } } qemu_sglist_destroy(&ehci->isgl); =20 --=20 2.27.0
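Review bot: In the ehci_process_itd() hunk, the new else branch still does "return -1" when usb_packet_map() fails, which, going by the commit message, is the path that ends in a controller reset. Please say in the commit message whether a mapping failure is meant to remain a host system error, or report it through ehci->ipacket.status like the missing-device case. Since the DPRINTF line is being re-indented anyway, the "addess" typo in its message could be fixed in the same change, and the "no device found" guest-bug message would be more useful if it included devaddr.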

From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Subject: [PULL 3/3] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
Date: Fri, 16 Oct 2020 07:24:35 +0200
Message-Id: <20201016052435.26180-4-kraxel@redhat.com>
In-Reply-To: <20201016052435.26180-1-kraxel@redhat.com>
References: <20201016052435.26180-1-kraxel@redhat.com>
Cc: Gaoning Pan, Mauro Matteo Cascella, Xingwei Lin, Gerd Hoffmann, Paul Zimmerman

From: Mauro Matteo Cascella

Check the value of mps to avoid potential divide-by-zero later in the function. Since HCCHAR_MPS is guest controllable, this prevents a malicious/buggy guest from crashing the QEMU process on the host.

Signed-off-by: Mauro Matteo Cascella
Reviewed-by: Paul Zimmerman
Reported-by: Gaoning Pan
Reported-by: Xingwei Lin
Message-id: 20201015075957.268823-1-mcascell@redhat.com
Signed-off-by: Gerd Hoffmann
--- hw/usb/hcd-dwc2.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 64c23c1ed084..e1d96acf7ecf 100644 --- a/hw/usb/hcd-dwc2.c +++ b/hw/usb/hcd-dwc2.c @@ -250,6 +250,12 @@ static void dwc2_handle_packet(DWC2State *s, uint32_t = devadr, USBDevice *dev, trace_usb_dwc2_handle_packet(chan, dev, &p->packet, epnum, types[eptyp= e], dirs[epdir], mps, len, pcnt); =20 + if (mps =3D=3D 0) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad HCCHAR_MPS set to zero\n", __func__); + return; + } + if (eptype =3D=3D USB_ENDPOINT_XFER_CONTROL && pid =3D=3D TSIZ_SC_MC_P= ID_SETUP) { pid =3D USB_TOKEN_SETUP; } else { --=20 2.27.0
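Review bot: The mps == 0 check in dwc2_handle_packet() sits after trace_usb_dwc2_handle_packet(), while the HCTSIZ length check added in patch 1/3 sits before it; keeping both guest-input checks together would make it easier to see at a glance which register fields are validated before use. The division the commit message refers to is outside the hunk, so a short comment at the check naming where mps is used as a divisor would help keep the two in sync. The log text "Bad HCCHAR_MPS set to zero" reads awkwardly; "HCCHAR_MPS is zero" would match the style of "HCTSIZ transfer size too large".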