|
| From: | GitHub |
| Subject: | [Qemu-commits] [qemu/qemu] 491d68: usb:xhci: no DMA on HC reset |
| Date: | Thu, 12 May 2016 07:30:06 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 491d68d9382dbb588f2ff5132ee3d87ce2f1b230
https://github.com/qemu/qemu/commit/491d68d9382dbb588f2ff5132ee3d87ce2f1b230
Author: Roman Kagan <address@hidden>
Date: 2016-05-11 (Wed, 11 May 2016)
Changed paths:
M hw/usb/hcd-xhci.c
Log Message:
-----------
usb:xhci: no DMA on HC reset
This patch is a rough fix to a memory corruption we are observing when
running VMs with xhci USB controller and OVMF firmware.
Specifically, on the following call chain
xhci_reset
xhci_disable_slot
xhci_disable_ep
xhci_set_ep_state
QEMU overwrites guest memory using stale guest addresses.
This doesn't happen when the guest (firmware) driver sets up xhci for
the first time as there are no slots configured yet. However when the
firmware hands over the control to the OS some slots and endpoints are
already set up with their context in the guest RAM. Now the OS' driver
resets the controller again and xhci_set_ep_state then reads and writes
that memory which is now owned by the OS.
As a quick fix, skip calling xhci_set_ep_state in xhci_disable_ep if the
device context base address array pointer is zero (indicating we're in
the HC reset and no DMA is possible).
Cc: address@hidden
Signed-off-by: Roman Kagan <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 1f66fe5778ca906448385ee004b38381ae067755
https://github.com/qemu/qemu/commit/1f66fe5778ca906448385ee004b38381ae067755
Author: Isaac Lozano <address@hidden>
Date: 2016-05-11 (Wed, 11 May 2016)
Changed paths:
M hw/usb/dev-mtp.c
Log Message:
-----------
usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't
complain
If an application uses libmtp on the guest system,
it will complain with the warning message:
LIBMTP WARNING: VendorExtensionID: ffffffff
LIBMTP WARNING: VendorExtensionDesc: (null)
LIBMTP WARNING: this typically means the device is PTP (i.e. a camera) but
not a MTP device at all. Trying to continue anyway.
This is because libmtp expects a MTP Vendor Extension ID of 0x00000006 and a
MTP Version of 0x0064. These numbers are taken from Microsoft's MTP Vendor
Extension Identification Message page and are what most physical devices
show.
Signed-off-by: Isaac Lozano <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: a277c3e094d5e9f653ccc861f59e07c94c7fe6c7
https://github.com/qemu/qemu/commit/a277c3e094d5e9f653ccc861f59e07c94c7fe6c7
Author: Stefan Weil <address@hidden>
Date: 2016-05-11 (Wed, 11 May 2016)
Changed paths:
M hw/usb/host-libusb.c
Log Message:
-----------
usb: Support compilation without poll.h
This is a hack to support compilation with Mingw-w64 which provides
a libusb-1.0 package, but no poll.h.
Signed-off-by: Stefan Weil <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: f83b70f701923964aaf89e1203ddcef0dd48ed08
https://github.com/qemu/qemu/commit/f83b70f701923964aaf89e1203ddcef0dd48ed08
Author: Peter Maydell <address@hidden>
Date: 2016-05-12 (Thu, 12 May 2016)
Changed paths:
M hw/usb/dev-mtp.c
M hw/usb/hcd-xhci.c
M hw/usb/host-libusb.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160511-1' into
staging
usb: misc fixes
# gpg: Signature made Wed 11 May 2016 12:18:25 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg: aka "Gerd Hoffmann <address@hidden>"
# gpg: aka "Gerd Hoffmann (private) <address@hidden>"
* remotes/kraxel/tags/pull-usb-20160511-1:
usb: Support compilation without poll.h
usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't
complain
usb:xhci: no DMA on HC reset
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/26617924e9a3...f83b70f70192
| [Prev in Thread] | Current Thread | [Next in Thread] |