From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Subject: [PULL 1/3] usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)
Date: Mon, 19 Oct 2020 14:33:24 +0200
Message-Id: <20201019123326.9973-2-kraxel@redhat.com>
In-Reply-To: <20201019123326.9973-1-kraxel@redhat.com>
References: <20201019123326.9973-1-kraxel@redhat.com>
Cc: Peter Maydell, Gerd Hoffmann, Paul Zimmerman
From: Paul Zimmerman Change several assert()s to qemu_log_mask(LOG_GUEST_ERROR...), to prevent the guest from causing Qemu to assert. Also fix up several existing qemu_log_mask()s to include the function name in the message. Suggested-by: Peter Maydell Signed-off-by: Paul Zimmerman Message-id: 20200920021449.830-1-pauldzim@gmail.com Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-dwc2.c | 100 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 81 insertions(+), 19 deletions(-) diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 97688d21bf0f..64c23c1ed084 100644 --- a/hw/usb/hcd-dwc2.c +++ b/hw/usb/hcd-dwc2.c @@ -238,7 +238,12 @@ static void dwc2_handle_packet(DWC2State *s, uint32_t = devadr, USBDevice *dev, pid =3D get_field(hctsiz, TSIZ_SC_MC_PID); pcnt =3D get_field(hctsiz, TSIZ_PKTCNT); len =3D get_field(hctsiz, TSIZ_XFERSIZE); - assert(len <=3D DWC2_MAX_XFER_SIZE); + if (len > DWC2_MAX_XFER_SIZE) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: HCTSIZ transfer size too large\n", __func__); + return; + } + chan =3D index >> 3; p =3D &s->packet[chan]; =20 @@ -663,7 +668,12 @@ static uint64_t dwc2_glbreg_read(void *ptr, hwaddr add= r, int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr <=3D GINTSTS2); + if (addr > GINTSTS2) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->glbreg[index]; =20 switch (addr) { @@ -690,7 +700,12 @@ static void dwc2_glbreg_write(void *ptr, hwaddr addr, = int index, uint64_t val, uint32_t old; int iflg =3D 0; =20 - assert(addr <=3D GINTSTS2); + if (addr > GINTSTS2) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->glbreg[index]; old =3D *mmio; =20 
@@ -715,27 +730,34 @@ static void dwc2_glbreg_write(void *ptr, hwaddr addr,= int index, uint64_t val, val &=3D ~GRSTCTL_DMAREQ; if (!(old & GRSTCTL_TXFFLSH) && (val & GRSTCTL_TXFFLSH)) { /* TODO - TX fifo flush */ - qemu_log_mask(LOG_UNIMP, "Tx FIFO flush not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Tx FIFO flush not implemented\n", + __func__); } if (!(old & GRSTCTL_RXFFLSH) && (val & GRSTCTL_RXFFLSH)) { /* TODO - RX fifo flush */ - qemu_log_mask(LOG_UNIMP, "Rx FIFO flush not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Rx FIFO flush not implemented\n", + __func__); } if (!(old & GRSTCTL_IN_TKNQ_FLSH) && (val & GRSTCTL_IN_TKNQ_FLSH))= { /* TODO - device IN token queue flush */ - qemu_log_mask(LOG_UNIMP, "Token queue flush not implemented\n"= ); + qemu_log_mask(LOG_UNIMP, "%s: Token queue flush not implemente= d\n", + __func__); } if (!(old & GRSTCTL_FRMCNTRRST) && (val & GRSTCTL_FRMCNTRRST)) { /* TODO - host frame counter reset */ - qemu_log_mask(LOG_UNIMP, "Frame counter reset not implemented\= n"); + qemu_log_mask(LOG_UNIMP, + "%s: Frame counter reset not implemented\n", + __func__); } if (!(old & GRSTCTL_HSFTRST) && (val & GRSTCTL_HSFTRST)) { /* TODO - host soft reset */ - qemu_log_mask(LOG_UNIMP, "Host soft reset not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Host soft reset not implemented\= n", + __func__); } if (!(old & GRSTCTL_CSFTRST) && (val & GRSTCTL_CSFTRST)) { /* TODO - core soft reset */ - qemu_log_mask(LOG_UNIMP, "Core soft reset not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: Core soft reset not implemented\= n", + __func__); } /* don't allow clearing of self-clearing bits */ val |=3D old & (GRSTCTL_TXFFLSH | GRSTCTL_RXFFLSH | 
@@ -774,7 +796,12 @@ static uint64_t dwc2_fszreg_read(void *ptr, hwaddr add= r, int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr =3D=3D HPTXFSIZ); + if (addr !=3D HPTXFSIZ) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->fszreg[index]; =20 trace_usb_dwc2_fszreg_read(addr, val); @@ -789,7 +816,12 @@ static void dwc2_fszreg_write(void *ptr, hwaddr addr, = int index, uint64_t val, uint32_t *mmio; uint32_t old; =20 - assert(addr =3D=3D HPTXFSIZ); + if (addr !=3D HPTXFSIZ) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->fszreg[index]; old =3D *mmio; =20 @@ -810,7 +842,12 @@ static uint64_t dwc2_hreg0_read(void *ptr, hwaddr addr= , int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr >=3D HCFG && addr <=3D HPRT0); + if (addr < HCFG || addr > HPRT0) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->hreg0[index]; =20 switch (addr) { @@ -837,7 +874,12 @@ static void dwc2_hreg0_write(void *ptr, hwaddr addr, i= nt index, uint64_t val, int prst =3D 0; int iflg =3D 0; =20 - assert(addr >=3D HCFG && addr <=3D HPRT0); + if (addr < HCFG || addr > HPRT0) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->hreg0[index]; old =3D *mmio; =20 @@ -923,7 +965,12 @@ static uint64_t dwc2_hreg1_read(void *ptr, hwaddr addr= , int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr >=3D HCCHAR(0) && addr <=3D HCDMAB(DWC2_NB_CHAN - 1)); + if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->hreg1[index]; =20 trace_usb_dwc2_hreg1_read(addr, hreg1nm[index & 7], addr >> 5, val); 
@@ -941,7 +988,12 @@ static void dwc2_hreg1_write(void *ptr, hwaddr addr, i= nt index, uint64_t val, int enflg =3D 0; int disflg =3D 0; =20 - assert(addr >=3D HCCHAR(0) && addr <=3D HCDMAB(DWC2_NB_CHAN - 1)); + if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->hreg1[index]; old =3D *mmio; =20 @@ -1008,7 +1060,12 @@ static uint64_t dwc2_pcgreg_read(void *ptr, hwaddr a= ddr, int index, DWC2State *s =3D ptr; uint32_t val; =20 - assert(addr >=3D PCGCTL && addr <=3D PCGCCTL1); + if (addr < PCGCTL || addr > PCGCCTL1) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return 0; + } + val =3D s->pcgreg[index]; =20 trace_usb_dwc2_pcgreg_read(addr, pcgregnm[index], val); @@ -1023,7 +1080,12 @@ static void dwc2_pcgreg_write(void *ptr, hwaddr addr= , int index, uint32_t *mmio; uint32_t old; =20 - assert(addr >=3D PCGCTL && addr <=3D PCGCCTL1); + if (addr < PCGCTL || addr > PCGCCTL1) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n", + __func__, addr); + return; + } + mmio =3D &s->pcgreg[index]; old =3D *mmio; =20 @@ -1108,7 +1170,7 @@ static uint64_t dwc2_hreg2_read(void *ptr, hwaddr add= r, unsigned size) { /* TODO - implement FIFOs to support slave mode */ trace_usb_dwc2_hreg2_read(addr, addr >> 12, 0); - qemu_log_mask(LOG_UNIMP, "FIFO read not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: FIFO read not implemented\n", __func__); return 0; } =20 
@@ -1119,7 +1181,7 @@ static void dwc2_hreg2_write(void *ptr, hwaddr addr, = uint64_t val, =20 /* TODO - implement FIFOs to support slave mode */ trace_usb_dwc2_hreg2_write(addr, addr >> 12, orig, 0, val); - qemu_log_mask(LOG_UNIMP, "FIFO write not implemented\n"); + qemu_log_mask(LOG_UNIMP, "%s: FIFO write not implemented\n", __func__); } =20 static const MemoryRegionOps dwc2_mmio_hreg2_ops =3D { --=20 2.27.0
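Review bot: In dwc2_glbreg_read(), dwc2_glbreg_write() and the fszreg, hreg0, hreg1 and pcgreg handlers, the new guard tests addr, but the access that follows goes through index (s->glbreg[index], s->fszreg[index], s->hreg0[index], s->hreg1[index], s->pcgreg[index]), and nothing in these hunks shows how index is derived from addr. Since the goal of the change is that a guest cannot trip QEMU through these paths, either bound index against the array size in the same condition or add a short comment at each guard stating the addr-to-index relationship the caller guarantees. The read handlers also return 0 on a bad offset before the trace call runs, so a rejected access appears only in the LOG_GUEST_ERROR output and not in the trace; worth a line in the commit message if that is intended.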
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Subject: [PULL 2/3] usb/hcd-ehci: Fix error handling on missing device for iTD
Date: Mon, 19 Oct 2020 14:33:25 +0200
Message-Id: <20201019123326.9973-3-kraxel@redhat.com>
In-Reply-To: <20201019123326.9973-1-kraxel@redhat.com>
References: <20201019123326.9973-1-kraxel@redhat.com>
Cc: Anthony PERARD, Gerd Hoffmann
From: Anthony PERARD The EHCI Host Controller emulation attempts to locate the device associated with a periodic isochronous transfer description (iTD) and when this fails the host controller is reset. But according to the EHCI spec 1.0 section 5.15.2.4 Host System Error, the host controller is supposed to reset itself only when it failed to communicate with the Host (Operating System), like when there's an error on the PCI bus. If a transaction fails, there's nothing in the spec that says to reset the host controller. This patch reworks the error path so that the host controller can keep working when the OS sets up a bogus transaction; it also reverts to the behavior of the EHCI emulation before commits: e94682f1fe ("ehci: check device is not NULL before calling usb_ep_get()") 7011baece2 ("usb: remove unnecessary NULL device check from usb_ep_get()") The issue has been found while trying to pass through a USB device to a Windows Server 2012 Xen guest via "usb-ehci", which prevents the USB device from working in Windows. ("usb-ehci" alone works; Windows only sets up this weird periodic iTD to device 127 endpoint 15 when the USB device is passed through.) Signed-off-by: Anthony PERARD Message-id: 20201014104106.2962640-1-anthony.perard@citrix.com Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-ehci.c | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 2b995443fbfd..ae7f20c502ac 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c 
@@ -1447,24 +1447,25 @@ static int ehci_process_itd(EHCIState *ehci, dev =3D ehci_find_device(ehci, devaddr); if (dev =3D=3D NULL) { ehci_trace_guest_bug(ehci, "no device found"); - qemu_sglist_destroy(&ehci->isgl); - return -1; - } - pid =3D dir ? USB_TOKEN_IN : USB_TOKEN_OUT; - ep =3D usb_ep_get(dev, pid, endp); - if (ep && ep->type =3D=3D USB_ENDPOINT_XFER_ISOC) { - usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false, - (itd->transact[i] & ITD_XACT_IOC) !=3D 0); - if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) { - qemu_sglist_destroy(&ehci->isgl); - return -1; - } - usb_handle_packet(dev, &ehci->ipacket); - usb_packet_unmap(&ehci->ipacket, &ehci->isgl); - } else { - DPRINTF("ISOCH: attempt to addess non-iso endpoint\n"); - ehci->ipacket.status =3D USB_RET_NAK; + ehci->ipacket.status =3D USB_RET_NODEV; ehci->ipacket.actual_length =3D 0; + } else { + pid =3D dir ? USB_TOKEN_IN : USB_TOKEN_OUT; + ep =3D usb_ep_get(dev, pid, endp); + if (ep && ep->type =3D=3D USB_ENDPOINT_XFER_ISOC) { + usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, fal= se, + (itd->transact[i] & ITD_XACT_IOC) != =3D 0); + if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) { + qemu_sglist_destroy(&ehci->isgl); + return -1; + } + usb_handle_packet(dev, &ehci->ipacket); + usb_packet_unmap(&ehci->ipacket, &ehci->isgl); + } else { + DPRINTF("ISOCH: attempt to addess non-iso endpoint\n"); + ehci->ipacket.status =3D USB_RET_NAK; + ehci->ipacket.actual_length =3D 0; + } } qemu_sglist_destroy(&ehci->isgl); =20 --=20 2.27.0
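Review bot: The usb_packet_map() failure branch inside the new else block still does qemu_sglist_destroy(&ehci->isgl) followed by return -1, which is the same return the commit message associates with resetting the host controller for the missing-device case. If a guest-supplied buffer address can make the mapping fail, that path keeps the behaviour this patch removes for dev == NULL; please either complete the transaction with an error status there as well or say in the commit message why a mapping failure should still take the -1 path. Minor: the re-indented DPRINTF line carries over the typo "addess" and could be corrected to "address" while it is being touched.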
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Subject: [PULL 3/3] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
Date: Mon, 19 Oct 2020 14:33:26 +0200
Message-Id: <20201019123326.9973-4-kraxel@redhat.com>
In-Reply-To: <20201019123326.9973-1-kraxel@redhat.com>
References: <20201019123326.9973-1-kraxel@redhat.com>
Cc: Gaoning Pan, Mauro Matteo Cascella, Xingwei Lin, Gerd Hoffmann, Paul Zimmerman
From: Mauro Matteo Cascella Check the value of mps to avoid potential divide-by-zero later in the function. Since HCCHAR_MPS is guest controllable, this prevents a malicious/buggy guest from crashing the QEMU process on the host. Signed-off-by: Mauro Matteo Cascella Reviewed-by: Paul Zimmerman Reported-by: Gaoning Pan Reported-by: Xingwei Lin Message-id: 20201015075957.268823-1-mcascell@redhat.com Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-dwc2.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 64c23c1ed084..e1d96acf7ecf 100644 --- a/hw/usb/hcd-dwc2.c +++ b/hw/usb/hcd-dwc2.c @@ -250,6 +250,12 @@ static void dwc2_handle_packet(DWC2State *s, uint32_t = devadr, USBDevice *dev, trace_usb_dwc2_handle_packet(chan, dev, &p->packet, epnum, types[eptyp= e], dirs[epdir], mps, len, pcnt); =20 + if (mps =3D=3D 0) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad HCCHAR_MPS set to zero\n", __func__); + return; + } + if (eptype =3D=3D USB_ENDPOINT_XFER_CONTROL && pid =3D=3D TSIZ_SC_MC_P= ID_SETUP) { pid =3D USB_TOKEN_SETUP; } else { --=20 2.27.0
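Review bot: The new mps == 0 branch in dwc2_handle_packet() returns immediately after qemu_log_mask(), so from the guest's side the channel request is dropped with no status change; please confirm that leaving the channel untouched is the intended outcome for a zero HCCHAR_MPS, or complete it with an error so a buggy guest driver is not left waiting. The division this protects is not visible near the check, so a one-line comment above "if (mps == 0)" naming the later computation that divides by mps would keep the guard from being moved or removed by mistake.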