[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 05/32] ehci: writeback_async_complete_packet: verify
From: |
Gerd Hoffmann |
Subject: |
[Qemu-devel] [PATCH 05/32] ehci: writeback_async_complete_packet: verify qh and qtd |
Date: |
Tue, 8 Jan 2013 14:14:27 +0100 |
From: Hans de Goede <address@hidden>
Signed-off-by: Hans de Goede <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
hw/usb/hcd-ehci.c | 14 ++++++++++++++
1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 934af55..96a0144 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -192,6 +192,7 @@ static int ehci_state_executing(EHCIQueue *q);
static int ehci_state_writeback(EHCIQueue *q);
static int ehci_state_advqueue(EHCIQueue *q);
static int ehci_fill_queue(EHCIPacket *p);
+static void ehci_free_packet(EHCIPacket *p);
static const char *nr2str(const char **n, size_t len, uint32_t nr)
{
@@ -516,8 +517,21 @@ static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
static void ehci_writeback_async_complete_packet(EHCIPacket *p)
{
EHCIQueue *q = p->queue;
+ EHCIqtd qtd;
+ EHCIqh qh;
int state;
+ /* Verify the qh + qtd, like we do when going through fetchqh & fetchqtd */
+ get_dwords(q->ehci, NLPTR_GET(q->qhaddr),
+ (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
+ get_dwords(q->ehci, NLPTR_GET(q->qtdaddr),
+ (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
+ if (!ehci_verify_qh(q, &qh) || !ehci_verify_qtd(p, &qtd)) {
+ p->async = EHCI_ASYNC_INITIALIZED;
+ ehci_free_packet(p);
+ return;
+ }
+
state = ehci_get_state(q->ehci, q->async);
ehci_state_executing(q);
ehci_state_writeback(q); /* Frees the packet! */
--
1.7.1
- [Qemu-devel] [PULL 00/32] usb patch queue, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 04/32] ehci: Move get / put_dwords upwards, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 03/32] ehci: Verify guest does not change the token of inflight qtd-s, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 05/32] ehci: writeback_async_complete_packet: verify qh and qtd,
Gerd Hoffmann <=
- [Qemu-devel] [PATCH 11/32] ehci: Don't call commit_irq after raising PCD, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 12/32] uhci: Fix 1 ms delay in interrupt reporting to the guest, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 14/32] uhci: Add a QH_VALID define, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 21/32] usbredir: Add USBEP2I and I2USBEP helper macros, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 01/32] ehci: Add a ehci_writeback_async_complete_packet helper function, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 17/32] hid: Change idle handling to use a timer, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 25/32] usb-redir: Add debugging to bufpq save / restore, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 10/32] ehci: Further speedup rescanning if async schedule after raising an interrupt, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 08/32] ehci: Verify a queue's ep direction does not change, Gerd Hoffmann, 2013/01/08
- [Qemu-devel] [PATCH 07/32] ehci: Add an ehci_get_pid helper function, Gerd Hoffmann, 2013/01/08