[PULL 10/16] hw/usb/hcd-ehci: fix writeback order
From: Gerd Hoffmann
Subject: [PULL 10/16] hw/usb/hcd-ehci: fix writeback order
Date: Mon, 13 Jun 2022 13:36:49 +0200
From: Arnout Engelen <arnout@bzzt.net>

The 'active' bit passes control over a qTD between the guest and the
controller: set to 1 by the guest to enable execution by the controller,
and the controller sets it to '0' to hand back control to the guest.

ehci_state_writeback writes two dwords to main memory using DMA:
the third dword of the qTD (containing dt, total bytes to transfer,
cpage, cerr and status) and the fourth dword of the qTD (containing
the offset).

This commit makes sure the fourth dword is written before the third,
avoiding a race condition where a new offset written into the qTD
by the guest after it observed the status going to '0' gets
overwritten by a 'late' DMA writeback of the previous offset.

This race condition could lead to 'cpage out of range (5)' errors,
and can be reproduced by:

./qemu-system-x86_64 -enable-kvm -bios $SEABIOS/bios.bin -m 4096 -device
usb-ehci -blockdev
driver=file,read-only=on,filename=/home/aengelen/Downloads/openSUSE-Tumbleweed-DVD-i586-Snapshot20220428-Media.iso,node-name=iso
-device usb-storage,drive=iso,bootindex=0 -chardev
pipe,id=shell,path=/tmp/pipe -device virtio-serial -device
virtconsole,chardev=shell -device virtio-rng-pci -serial mon:stdio -nographic

(press a key, select 'Installation' (2), and accept the default
values. On my machine the 'cpage out of range' is reproduced while
loading the Linux Kernel about once per 7 attempts. With the fix in
this commit it no longer fails)

This problem was previously reported as a seabios problem in
https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/thread/OUTHT5ISSQJGXPNTUPY3O5E5EPZJCHM3/
and as a nixos CI build failure in
https://github.com/NixOS/nixpkgs/issues/170803

Signed-off-by: Arnout Engelen <arnout@bzzt.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ehci.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 33a8a377bd95..d4da8dcb8d15 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -2011,7 +2011,10 @@ static int ehci_state_writeback(EHCIQueue *q)
ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd);
qtd = (uint32_t *) &q->qh.next_qtd;
addr = NLPTR_GET(p->qtdaddr);
- put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2);
+ /* First write back the offset */
+ put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qtd + 3, 1);
+ /* Then write back the token, clearing the 'active' bit */
+ put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 1);
ehci_free_packet(p);
/*
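Review bot: the order of the two put_dwords() calls is the entire fix, but nothing in the hunk protects it beyond statement order: there is no barrier between the offset write and the token write, and the two one-line comments do not say that the token write must stay last. Consider extending the second comment to state the invariant, for example "must be last: clearing 'active' returns the qTD to the guest, which may rewrite the offset immediately", so a later cleanup does not merge the calls back into a single two-dword write. If put_dwords() does not already guarantee that its stores become visible to a vCPU thread in program order, a write barrier such as smp_wmb() between the two calls would make the ordering explicit.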
--
2.36.1
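
The race described in the commit message, as an added example that is not part of the patch or of QEMU's code: a deterministic, single-threaded model of the two writeback orders with the guest running in the window between the two DMA writes. The qTD layout constants, `guest_poll` and `writeback` are names assumed for this illustration, and the offsets are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified qTD model (assumption): dword 2 = token, dword 3 = offset. */
enum { QTD_TOKEN = 2, QTD_OFFSET = 3, QTD_DWORDS = 4 };
#define TOKEN_ACTIVE (1u << 7)   /* 'active' status bit in the token */

/* Guest driver step: once the controller has cleared 'active', reuse the
 * qTD by writing a new offset and handing it back to the controller. */
static int guest_poll(uint32_t *qtd, uint32_t new_offset)
{
    if (qtd[QTD_TOKEN] & TOKEN_ACTIVE) {
        return 0;                       /* still owned by the controller */
    }
    qtd[QTD_OFFSET] = new_offset;
    qtd[QTD_TOKEN] |= TOKEN_ACTIVE;
    return 1;
}

/* Controller writeback of token and offset as two separate DMA writes,
 * with the guest running between and after them (worst-case interleaving).
 * Returns the offset left in guest memory. */
static uint32_t writeback(int token_first, uint32_t old_offset,
                          uint32_t new_offset)
{
    uint32_t mem[QTD_DWORDS] = { 0, 0, TOKEN_ACTIVE, old_offset };
    uint32_t shadow[QTD_DWORDS] = { 0, 0, 0, old_offset }; /* active cleared */
    int first = token_first ? QTD_TOKEN : QTD_OFFSET;
    int second = token_first ? QTD_OFFSET : QTD_TOKEN;

    mem[first] = shadow[first];         /* first DMA write */
    guest_poll(mem, new_offset);        /* guest runs in the window */
    mem[second] = shadow[second];       /* second, 'late' DMA write */
    guest_poll(mem, new_offset);        /* guest runs again afterwards */
    return mem[QTD_OFFSET];
}

int main(void)
{
    printf("token first:  offset=0x%x\n", (unsigned)writeback(1, 0x1000, 0x2000));
    printf("offset first: offset=0x%x\n", (unsigned)writeback(0, 0x1000, 0x2000));
    return 0;
}
```

With the token written first, the guest's new offset is overwritten by the stale one while the qTD is already active again; with the offset written first, the guest cannot act until the handover and its offset survives.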