[Qemu-devel] [PATCH 13/17] uhci: Detect guest td re-use
From: Hans de Goede
Subject: [Qemu-devel] [PATCH 13/17] uhci: Detect guest td re-use
Date: Wed, 24 Oct 2012 18:31:16 +0200
A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue; this is necessary to keep our
packet ids unique.
Signed-off-by: Hans de Goede <address@hidden>
---
hw/usb/hcd-uhci.c | 33 ++++++++++++++++-----------------
1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index 0984bee..c4f2f98 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -319,28 +319,18 @@ static void uhci_async_cancel_all(UHCIState *s)
}
}
-static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr,
- UHCI_TD *td)
+static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr)
{
- uint32_t token = uhci_queue_token(td);
UHCIQueue *queue;
UHCIAsync *async;
QTAILQ_FOREACH(queue, &s->queues, next) {
- if (queue->token == token) {
- break;
- }
- }
- if (queue == NULL) {
- return NULL;
- }
-
- QTAILQ_FOREACH(async, &queue->asyncs, next) {
- if (async->td_addr == td_addr) {
- return async;
+ QTAILQ_FOREACH(async, &queue->asyncs, next) {
+ if (async->td_addr == td_addr) {
+ return async;
+ }
}
}
-
return NULL;
}
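Review bot: uhci_async_find_td() now matches on td_addr alone across every queue, so the UHCIAsync it returns may belong to a queue other than the one the caller is processing, and nothing at the definition documents that. Add a comment above the function stating that callers must validate async->queue before using the result. The nested QTAILQ_FOREACH also turns each lookup into a walk over all pending asyncs of all queues, which is worth a note given that uhci_handle_td() now calls it unconditionally at entry.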
@@ -805,11 +795,21 @@ out:
static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
UHCI_TD *td, uint32_t td_addr, uint32_t *int_mask)
{
- UHCIAsync *async;
int len = 0, max_len;
bool spd;
bool queuing = (q != NULL);
uint8_t pid = td->token & 0xff;
+ UHCIAsync *async = uhci_async_find_td(s, td_addr);
+
+ if (async) {
+ if (uhci_queue_verify(async->queue, qh_addr, td, td_addr, queuing)) {
+ assert(q == NULL || q == async->queue);
+ q = async->queue;
+ } else {
+ uhci_queue_free(async->queue, "guest re-used pending td");
+ async = NULL;
+ }
+ }
if (q == NULL) {
q = uhci_queue_find(s, td);
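Review bot: In the else branch of the new `if (async)` block, uhci_queue_free(async->queue, ...) runs without checking whether async->queue is the q the caller passed in; if they are the same queue, q stays non-NULL, the following `if (q == NULL)` lookup is skipped, and the rest of the function works on a released queue. Suggest setting q = NULL when q == async->queue before freeing. Separately, `assert(q == NULL || q == async->queue);` is evaluated on state built from guest-written td and qh contents, so either add a comment explaining why a successful uhci_queue_verify() guarantees it, or handle a mismatch the way the else branch does rather than aborting the process.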
@@ -831,7 +831,6 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q,
uint32_t qh_addr,
return TD_RESULT_NEXT_QH;
}
- async = uhci_async_find_td(s, td_addr, td);
if (async) {
/* Already submitted */
async->queue->valid = 32;
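Review bot: With the lookup removed here, the `if (async)` "Already submitted" path depends on the async pointer resolved at function entry, and the code in between includes a queue lookup and the early `return TD_RESULT_NEXT_QH;`. Any step in that span that frees a queue must also clear async, otherwise `async->queue->valid = 32;` dereferences a stale pointer. A one-line comment at this `if (async)` saying that async was found and verified at the top of uhci_handle_td() would make the dependency explicit.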
--
1.7.12.1