1. Patchew
  2. QEMU
  3. View series

[PATCH] hw/usb/hcd-xhci: Unmap canceled packet

Akihiko Odaki posted 1 patch 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20250418-xhc-v1-1-bb32dab6a67e@daynix.com
hw/usb/hcd-xhci.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
[PATCH] hw/usb/hcd-xhci: Unmap canceled packet
Posted by Akihiko Odaki 7 months ago 
When the Stop Endpoint Command is received, packets running
asynchronously are canceled and then all packets are cleaned up. Packets
running asynchronously hold the DMA mapping so cleaning the packets leak
the mapping. Remove the mapping after canceling packets to fix the leak.

Fixes: 62c6ae04cf43 ("xhci: Initial xHCI implementation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
---
 hw/usb/hcd-xhci.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 64c3a23b9b79..0f1ccd4aeeea 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1187,6 +1187,12 @@ static void xhci_ep_free_xfer(XHCITransfer *xfer)
     g_free(xfer);
 }
 
+static void xhci_xfer_unmap(XHCITransfer *xfer)
+{
+    usb_packet_unmap(&xfer->packet, &xfer->sgl);
+    qemu_sglist_destroy(&xfer->sgl);
+}
+
 static int xhci_ep_nuke_one_xfer(XHCITransfer *t, TRBCCode report)
 {
     int killed = 0;
@@ -1198,6 +1204,7 @@ static int xhci_ep_nuke_one_xfer(XHCITransfer *t, TRBCCode report)
 
     if (t->running_async) {
         usb_cancel_packet(&t->packet);
+        xhci_xfer_unmap(t);
         t->running_async = 0;
         killed = 1;
     }
@@ -1480,12 +1487,6 @@ err:
     return -1;
 }
 
-static void xhci_xfer_unmap(XHCITransfer *xfer)
-{
-    usb_packet_unmap(&xfer->packet, &xfer->sgl);
-    qemu_sglist_destroy(&xfer->sgl);
-}
-
 static void xhci_xfer_report(XHCITransfer *xfer)
 {
     uint32_t edtla = 0;

---
base-commit: 825b96dbcee23d134b691fc75618b59c5f53da32
change-id: 20250418-xhc-380f7a7150d2

Best regards,
-- 
Akihiko Odaki <akihiko.odaki@daynix.com>
Re: [PATCH] hw/usb/hcd-xhci: Unmap canceled packet
Posted by Philippe Mathieu-Daudé 6 months, 3 weeks ago 
On 18/4/25 07:51, Akihiko Odaki wrote:
> When the Stop Endpoint Command is received, packets running
> asynchronously are canceled and then all packets are cleaned up. Packets
> running asynchronously hold the DMA mapping so cleaning the packets leak
> the mapping. Remove the mapping after canceling packets to fix the leak.
> 
> Fixes: 62c6ae04cf43 ("xhci: Initial xHCI implementation")
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> ---
>   hw/usb/hcd-xhci.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)

Patch queued, thanks.
Re: [PATCH] hw/usb/hcd-xhci: Unmap canceled packet
Posted by Philippe Mathieu-Daudé 7 months ago 
On 18/4/25 07:51, Akihiko Odaki wrote:
> When the Stop Endpoint Command is received, packets running
> asynchronously are canceled and then all packets are cleaned up. Packets
> running asynchronously hold the DMA mapping so cleaning the packets leak
> the mapping. Remove the mapping after canceling packets to fix the leak.
> 

Cc: qemu-stable@nongnu.org

> Fixes: 62c6ae04cf43 ("xhci: Initial xHCI implementation")
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> ---
>   hw/usb/hcd-xhci.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.