From nobody Mon Feb 9 03:52:51 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1661841748; cv=none; d=zohomail.com; s=zohoarc; b=iozRkBM0lGtXZG9uRfSXCMgeq/j09SlxjNwt+RnSLjAmiQ99X1NO9QEhdBwn70TqpUtRzlF3kdWNaNKl2jUjmb1dD8weCv+lrNVCHGqMOWt+oHBQt3w2D+tDpiQdVd0z95HH4YxTyy4q/5r2npj7XZBRId0Eu2zuWKyHMOHzaDU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661841748; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=hsOqXgicuTyAeeO6P07elOb964v3Eg7CA+6DZtv8jGI=; b=fEyT6tJzH1uYEqShuHlnohLz46qcrb1pu9NNAb3Yxc2aKSsKkBv4kHRnjGlyiIaoVcHpk9IBtK7V218FCEtak/2mTAGnzqEW5dL+dq0ZUphGe0BazsqE/BuUO0GJPOc0NIYVDa0ChvvzUJy2WVvMxhrAkZxNf0WJMNIzSt3tpYM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1661841748942200.18611365709114; Mon, 29 Aug 2022 23:42:28 -0700 (PDT) Received: from localhost ([::1]:35708 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oSux9-00026E-EC for importer@patchew.org; Tue, 30 Aug 2022 02:42:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53716) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oSutQ-000889-3J for qemu-devel@nongnu.org; Tue, 30 Aug 2022 02:38:36 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:35763) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oSutM-0003Sl-Qw for qemu-devel@nongnu.org; Tue, 30 Aug 2022 02:38:34 -0400 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-427-lU9wy-xeNXOyDeyk3QUiZQ-1; Tue, 30 Aug 2022 02:38:29 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 26865801231 for ; Tue, 30 Aug 2022 06:38:29 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.195.70]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EA4E32166B26; Tue, 30 Aug 2022 06:38:28 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 77886180061D; Tue, 30 Aug 2022 08:38:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1661841511; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hsOqXgicuTyAeeO6P07elOb964v3Eg7CA+6DZtv8jGI=; b=C5AHhO5YO1O5u8JvR8w6eIwFOISJrHnPmxZA5LecrpZZdZ4FTmMydR5pAQrCu/STezNjD3 JtH4U2yiUWKtn4DhAYe+q78SVoLaO8smjwhAxrkdC8D65xqOo1WSj3nqYRosipEdoxLnnd gTyULhUlYuGYOMwZFTIlE7Lz5DdSycE= X-MC-Unique: lU9wy-xeNXOyDeyk3QUiZQ-1 From: Gerd Hoffmann To: qemu-devel@nongnu.org Cc: Gerd Hoffmann Subject: [PATCH 1/2] usb/msd: move usb_msd_packet_complete() Date: Tue, 30 Aug 2022 08:38:26 +0200 Message-Id: <20220830063827.813053-2-kraxel@redhat.com> In-Reply-To: <20220830063827.813053-1-kraxel@redhat.com> References: <20220830063827.813053-1-kraxel@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1661841749481100001 Content-Type: text/plain; charset="utf-8" Change ordering to avoid adding forward declarations in following patches. Fix comment code style while being at it. No functional change. Signed-off-by: Gerd Hoffmann --- hw/usb/dev-storage.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index dca62d544fe9..4485a2411797 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -177,6 +177,20 @@ static const USBDesc desc =3D { .str =3D desc_strings, }; =20 +static void usb_msd_packet_complete(MSDState *s) +{ + USBPacket *p =3D s->packet; + + /* + * Set s->packet to NULL before calling usb_packet_complete + * because another request may be issued before + * usb_packet_complete returns. + */ + trace_usb_msd_packet_complete(); + s->packet =3D NULL; + usb_packet_complete(&s->dev, p); +} + static void usb_msd_copy_data(MSDState *s, USBPacket *p) { uint32_t len; @@ -208,18 +222,6 @@ static void usb_msd_send_status(MSDState *s, USBPacket= *p) memset(&s->csw, 0, sizeof(s->csw)); } =20 -static void usb_msd_packet_complete(MSDState *s) -{ - USBPacket *p =3D s->packet; - - /* Set s->packet to NULL before calling usb_packet_complete - because another request may be issued before - usb_packet_complete returns. */ - trace_usb_msd_packet_complete(); - s->packet =3D NULL; - usb_packet_complete(&s->dev, p); -} - void usb_msd_transfer_data(SCSIRequest *req, uint32_t len) { MSDState *s =3D DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent); --=20 2.37.2 From nobody Mon Feb 9 03:52:51 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1661841750; cv=none; d=zohomail.com; s=zohoarc; b=QMrgZvaN16V6cFjIZQrsAkOf4wEA35e5N27DXuqvEcvUrGmr0AgIMFwjAnE4ABbRfNKespflTEDH/TYmvK1c96VndL5/GMMjwjw2h0klqF36n13rrrOCV8Zg4QmPjI+nodwJj507DOlwZpLhyYTE0vM0iQMGkuJQZY/d++aXoSg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661841750; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=GX8TRsXP1TkBC79Lr0q9Tt4AaChfkw0YPNy8WRpG+mw=; b=jRxfbglqAtxDR1eBA/R8pa+U1PY2RdIyIa8cfFqSUGM77hXrFiS4aTrTMI1xKWG7c3o54M8i/q+eNwhJBgZVTdHAmC+vmPnoUdJjTYGiHp5SGJbDVrh7gR3sXqaQMGgBbmVzU3Q/vLOx+Bv2caS6PAvaHPCE3Lrrl5qvZIjzwYI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1661841750242183.81628759696457; Mon, 29 Aug 2022 23:42:30 -0700 (PDT) Received: from localhost ([::1]:35710 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oSuxA-00028O-Oz for importer@patchew.org; Tue, 30 Aug 2022 02:42:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48864) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oSutR-0008AI-DZ for qemu-devel@nongnu.org; Tue, 30 Aug 2022 02:38:37 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:54090) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oSutO-0003TL-V2 for qemu-devel@nongnu.org; Tue, 30 Aug 2022 02:38:36 -0400 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-463-HNffULwjMbqaJneY_oabtg-1; Tue, 30 Aug 2022 02:38:30 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8A44A185A79C; Tue, 30 Aug 2022 06:38:30 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.195.70]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5A09D2166B26; Tue, 30 Aug 2022 06:38:30 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 8811B180062F; Tue, 30 Aug 2022 08:38:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1661841514; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GX8TRsXP1TkBC79Lr0q9Tt4AaChfkw0YPNy8WRpG+mw=; b=gEtHpzamk4FBKwz+dpV91qPlAKiJ9IkWufrR/rQGfjJW60X6sC+rKr7UnNzBF0zu5bKMe1 8OJOq4btX6VsEnztzR70iEKo+mOkesl6M2PGVhq2ah9GDQkRMpE2eHiTGkAKllSM1x0oCF 22NxuWwNSTtL1SMcWLzM/0Iozcph+/4= X-MC-Unique: HNffULwjMbqaJneY_oabtg-1 From: Gerd Hoffmann To: qemu-devel@nongnu.org Cc: Gerd Hoffmann , Qiang Liu Subject: [PATCH 2/2] usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert Date: Tue, 30 Aug 2022 08:38:27 +0200 Message-Id: <20220830063827.813053-3-kraxel@redhat.com> In-Reply-To: <20220830063827.813053-1-kraxel@redhat.com> References: <20220830063827.813053-1-kraxel@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1661841751256100004 Content-Type: text/plain; charset="utf-8" Add handler for fatal errors. Moves device into error state where it stops responding until the guest resets it. Guest can send illegal requests where scsi command and usb packet transfer directions are inconsistent. Use the new usb_msd_fatal_error() function instead of assert() in that case. Reported-by: Qiang Liu Signed-off-by: Gerd Hoffmann Tested-by: Qiang Liu --- include/hw/usb/msd.h | 1 + hw/usb/dev-storage.c | 30 +++++++++++++++++++++++++++++- hw/usb/trace-events | 1 + 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/include/hw/usb/msd.h b/include/hw/usb/msd.h index 54e9f38bda46..f9fd862b529a 100644 --- a/include/hw/usb/msd.h +++ b/include/hw/usb/msd.h @@ -40,6 +40,7 @@ struct MSDState { bool removable; bool commandlog; SCSIDevice *scsi_dev; + bool needs_reset; }; =20 typedef struct MSDState MSDState; diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index 4485a2411797..3928209b8249 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -191,6 +191,23 @@ static void usb_msd_packet_complete(MSDState *s) usb_packet_complete(&s->dev, p); } =20 +static void usb_msd_fatal_error(MSDState *s) +{ + trace_usb_msd_fatal_error(); + + if (s->packet) { + s->packet->status =3D USB_RET_STALL; + usb_msd_packet_complete(s); + } + + /* + * Guest messed up up device state with illegal requests. Go + * ignore any requests until the guests resets the device (and + * brings it into a known state that way). + */ + s->needs_reset =3D true; +} + static void usb_msd_copy_data(MSDState *s, USBPacket *p) { uint32_t len; @@ -227,7 +244,11 @@ void usb_msd_transfer_data(SCSIRequest *req, uint32_t = len) MSDState *s =3D DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent); USBPacket *p =3D s->packet; =20 - assert((s->mode =3D=3D USB_MSDM_DATAOUT) =3D=3D (req->cmd.mode =3D=3D = SCSI_XFER_TO_DEV)); + if ((s->mode =3D=3D USB_MSDM_DATAOUT) !=3D (req->cmd.mode =3D=3D SCSI_= XFER_TO_DEV)) { + usb_msd_fatal_error(s); + return; + } + s->scsi_len =3D len; s->scsi_off =3D 0; if (p) { @@ -317,6 +338,8 @@ void usb_msd_handle_reset(USBDevice *dev) =20 memset(&s->csw, 0, sizeof(s->csw)); s->mode =3D USB_MSDM_CBW; + + s->needs_reset =3D false; } =20 static void usb_msd_handle_control(USBDevice *dev, USBPacket *p, @@ -382,6 +405,11 @@ static void usb_msd_handle_data(USBDevice *dev, USBPac= ket *p) SCSIDevice *scsi_dev; uint32_t len; =20 + if (s->needs_reset) { + p->status =3D USB_RET_STALL; + return; + } + switch (p->pid) { case USB_TOKEN_OUT: if (devep !=3D 2) diff --git a/hw/usb/trace-events b/hw/usb/trace-events index 914ca7166829..b65269892c5e 100644 --- a/hw/usb/trace-events +++ b/hw/usb/trace-events @@ -263,6 +263,7 @@ usb_msd_packet_complete(void) "" usb_msd_cmd_submit(unsigned lun, unsigned tag, unsigned flags, unsigned le= n, unsigned data_len) "lun %u, tag 0x%x, flags 0x%08x, len %d, data-len %d" usb_msd_cmd_complete(unsigned status, unsigned tag) "status %d, tag 0x%x" usb_msd_cmd_cancel(unsigned tag) "tag 0x%x" +usb_msd_fatal_error(void) "" =20 # dev-uas.c usb_uas_reset(int addr) "dev %d" --=20 2.37.2