[Qemu-devel] [PATCH 06/10] ehci: Verify guest does not change the token
From: Hans de Goede
Subject: [Qemu-devel] [PATCH 06/10] ehci: Verify guest does not change the token of inflight qtd-s
Date: Wed, 14 Nov 2012 17:21:41 +0100

This is not allowed, except for clearing active on cancellation, so don't
warn when the new token does not have its active bit set.
This unifies the cancellation path for modified qtd-s, and prepares
ehci_verify_qtd to be used as an extra check inside
ehci_writeback_async_complete_packet().
Signed-off-by: Hans de Goede <address@hidden>
---
hw/usb/hcd-ehci.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index a694346..e565d6a 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -457,6 +457,7 @@ static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
if (p->qtdaddr != p->queue->qtdaddr ||
(!NLPTR_TBIT(p->qtd.next) && (p->qtd.next != qtd->next)) ||
(!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
+ p->qtd.token != qtd->token ||
p->qtd.bufptr[0] != qtd->bufptr[0]) {
return false;
} else {
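Review bot: the new `p->qtd.token != qtd->token` term in ehci_verify_qtd() makes the function return false for the one token change the commit message describes as allowed, the guest clearing active on cancellation, and nothing at the function documents that. Please add a comment at this comparison saying that any token difference fails verification and that the caller has to look at QTD_TOKEN_ACTIVE in the fetched qtd to tell a cancellation from a guest bug. The commit message says ehci_writeback_async_complete_packet() is to become another caller, and it will need the same distinction.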
@@ -1748,7 +1749,9 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
if (p != NULL) {
if (!ehci_verify_qtd(p, &qtd)) {
ehci_cancel_queue(q);
- ehci_trace_guest_bug(q->ehci, "guest updated active QH or qTD");
+ if (qtd.token & QTD_TOKEN_ACTIVE) {
+ ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
+ }
p = NULL;
} else {
p->qtd = qtd;
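Review bot: the `if (qtd.token & QTD_TOKEN_ACTIVE)` guard around ehci_trace_guest_bug() suppresses the warning whenever the fetched token has active clear, including when next, altnext, bufptr[0] or qtdaddr changed in the same update, because ehci_verify_qtd() only returns a bool. If that is the intent, say so in a comment on the guard; the comment deleted further down, "transfer canceled by guest (clear active)", would fit here and keeps the reason for the silent cancel visible at the place where it now happens.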
@@ -1757,11 +1760,6 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
}
if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
- if (p != NULL) {
- /* transfer canceled by guest (clear active) */
- ehci_cancel_queue(q);
- p = NULL;
- }
ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
} else if (p != NULL) {
switch (p->async) {
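Review bot: with the `if (p != NULL)` cancel block removed from the `!(qtd.token & QTD_TOKEN_ACTIVE)` branch, cancelling on an inactive token now depends entirely on ehci_verify_qtd() having failed earlier, and that only happens when the cached p->qtd.token differs from the fetched one. If the cached token could ever already have active clear, verification passes, `p->qtd = qtd` runs, p stays non-NULL, and this branch moves to EST_HORIZONTALQH without calling ehci_cancel_queue(). Either add a comment stating that the cached token of an inflight packet always has active set, or put an assert(p == NULL) at the top of this branch so the assumption is checked.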
--
1.7.12.1