qemu-devel

[Qemu-devel] Guest OS hangs on usb_add


From: TJ
Subject: [Qemu-devel] Guest OS hangs on usb_add
Date: Thu, 24 Jun 2010 00:45:52 -0400
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100524 Thunderbird/3.0.4 ThunderBrowse/3.2.8.1

> ---------- Forwarded message ----------
> From: Timothy Jones <address@hidden>
> Date: Wed, Jun 23, 2010 at 9:07 PM
> Subject: Guest OS hangs on usb_add
> To: address@hidden
> 
> 
> With some digging around I found out that the qemu hangs in
> usb_host_claim_interfaces, which is caused by screwed up usb
> descriptor. The device reports the following:
> 
> (gdb) p dev->descr_len
> $21 = 50
> (gdb) p /x dev->address@hidden
> $23 = {0x18, 0x1, 0x0, 0x1, 0xff, 0xff, 0xff, 0x8, 0x47, 0x46, 0x0,
> 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x2, 0x20,
>  0x0, 0x1, 0x1, 0x0, 0x80, 0x19, 0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff,
> 0xff, 0x0, 0x7, 0x5, 0x81, 0x2, 0x40, 0x0, 0x0,
>  0x7, 0x5, 0x3, 0x2, 0x10, 0x0, 0x0}
> 
> The first 0x18 (Device Descriptor bLength) is supposed to be decimal
> 18, not hex! According to USB spec, if the device reports size greater
> than expected, the host is supposed to ignore the extra bytes. So qemu
> behaves correctly here. However, with this length, the following
> Configuration Descriptor length falls on a 0x0 and so the qemu spins
> in an endless loop. (This is prolly something that should be detected
> and reported as error by qemu.)
> 
> My question is: This 0x18 -- is this something that comes from the
> device itself (ie, firmware bug)? Or does it come from the USB
> subsystem?
> 
> I don't mind writing a small patch to make descriptor parsing a bit
> more intelligent, but I am very unfamiliar with the code, so I might
> botch things up. Or is the above data sufficient for one of the devs
> to take a look at the code and improve it?
> 
> Thank you.
> 
> -TJ
> 

Here is a small patch that fixed my problem.

In looking at the USB spec, it seems pretty clear cut about the whole
device/config/interface/endpoint descriptor hierarchy, so
usb_host_claim_interfaces can be optimized: instead of parsing through each
descriptor, it can skip through config descriptors using the wTotalLength
field. And again, some checks can be done for descriptor types and/or sizes.

Just my 2 cents.

-TJ


Attachment: hex-dev-descr-len.patch
Description: Text document
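
The failure described in this thread, as an added example (not the attached patch and not QEMU's code): a descriptor walker that validates every bLength before advancing, run over the 50-byte dump quoted above. The function and constant names are hypothetical, and starting the walk at the fixed 18-byte device descriptor size is an assumed workaround for this device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DT_DEVICE_SIZE 18   /* USB device descriptor size (decimal 18) */
#define DT_CONFIG      0x02 /* bDescriptorType: configuration descriptor */

/* Constructed from the gdb dump quoted in the message (descr_len = 50). */
static const uint8_t sample_descr[50] = {
    0x18, 0x01, 0x00, 0x01, 0xff, 0xff, 0xff, 0x08, 0x47, 0x46,
    0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x09, 0x02,
    0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x19, 0x09, 0x04, 0x00,
    0x00, 0x02, 0xff, 0xff, 0xff, 0x00, 0x07, 0x05, 0x81, 0x02,
    0x40, 0x00, 0x00, 0x07, 0x05, 0x03, 0x02, 0x10, 0x00, 0x00,
};

enum walk_status { WALK_OK = 0, WALK_BAD_LEN = -1, WALK_OVERRUN = -2 };

/* Walk descriptors from offset `start`, counting configuration descriptors.
 * A bLength below 2 (the bLength/bDescriptorType header) can never advance
 * the cursor safely, so it is an error instead of a loop that never ends.
 * On failure *bad_off holds the offset of the offending descriptor. */
static int walk_descriptors(const uint8_t *buf, size_t len, size_t start,
                            int *configs, size_t *bad_off)
{
    size_t i = start;
    *configs = 0;
    while (i < len) {
        if (len - i < 2 || buf[i] < 2) { *bad_off = i; return WALK_BAD_LEN; }
        if ((size_t)buf[i] > len - i)  { *bad_off = i; return WALK_OVERRUN; }
        if (buf[i + 1] == DT_CONFIG)
            (*configs)++;
        i += buf[i];                   /* guaranteed to move forward */
    }
    return WALK_OK;
}

int main(void)
{
    int configs; size_t bad = 0;
    /* Trusting the device's reported bLength (0x18) lands on a 0x00 byte. */
    int rc = walk_descriptors(sample_descr, sizeof sample_descr,
                              sample_descr[0], &configs, &bad);
    printf("start=bLength: rc=%d bad_off=%zu\n", rc, bad);
    /* Starting at the spec size finds the configuration descriptor. */
    rc = walk_descriptors(sample_descr, sizeof sample_descr,
                          DT_DEVICE_SIZE, &configs, &bad);
    printf("start=18: rc=%d configs=%d\n", rc, configs);
    return 0;
}
```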

