[Qemu-devel] [PATCH 27/36] uhci: Detect guest td re-use
From: Gerd Hoffmann
Subject: [Qemu-devel] [PATCH 27/36] uhci: Detect guest td re-use
Date: Thu, 25 Oct 2012 14:52:00 +0200
From: Hans de Goede <address@hidden>
A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue, this is necessary to keep our
packet ids unique.
Signed-off-by: Hans de Goede <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
hw/usb/hcd-uhci.c | 33 ++++++++++++++++-----------------
1 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index 0984bee..c4f2f98 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -319,28 +319,18 @@ static void uhci_async_cancel_all(UHCIState *s)
}
}
-static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr,
- UHCI_TD *td)
+static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr)
{
- uint32_t token = uhci_queue_token(td);
UHCIQueue *queue;
UHCIAsync *async;
QTAILQ_FOREACH(queue, &s->queues, next) {
- if (queue->token == token) {
- break;
- }
- }
- if (queue == NULL) {
- return NULL;
- }
-
- QTAILQ_FOREACH(async, &queue->asyncs, next) {
- if (async->td_addr == td_addr) {
- return async;
+ QTAILQ_FOREACH(async, &queue->asyncs, next) {
+ if (async->td_addr == td_addr) {
+ return async;
+ }
}
}
-
return NULL;
}
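Review bot: in the new nested QTAILQ_FOREACH in uhci_async_find_td(), the first async whose td_addr matches is returned regardless of which queue holds it, so the function now relies on no two pending asyncs ever sharing an address. Nothing in this function enforces that; it depends on the re-use check the caller performs in uhci_handle_td(). Please add a comment above the function saying the lookup is by address only and why, so a later caller does not assume the result belongs to the queue it is currently processing. The scan also now covers every async on every queue for each TD, where the old code walked a single queue; probably fine for small queue counts, but worth a word in the commit message.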
@@ -805,11 +795,21 @@ out:
static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
UHCI_TD *td, uint32_t td_addr, uint32_t *int_mask)
{
- UHCIAsync *async;
int len = 0, max_len;
bool spd;
bool queuing = (q != NULL);
uint8_t pid = td->token & 0xff;
+ UHCIAsync *async = uhci_async_find_td(s, td_addr);
+
+ if (async) {
+ if (uhci_queue_verify(async->queue, qh_addr, td, td_addr, queuing)) {
+ assert(q == NULL || q == async->queue);
+ q = async->queue;
+ } else {
+ uhci_queue_free(async->queue, "guest re-used pending td");
+ async = NULL;
+ }
+ }
if (q == NULL) {
q = uhci_queue_find(s, td);
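Review bot: in the else branch of the new `if (async)` block, uhci_queue_free(async->queue, ...) is called and async is set to NULL, but q is left untouched. When the caller passed a non-NULL q (the queuing case) and that q is the same queue as async->queue, the `if (q == NULL)` lookup that follows is skipped and the rest of the function continues with a pointer to the queue that was just freed. Suggest clearing q in that branch when `q == async->queue`, or returning early. Separately, `assert(q == NULL || q == async->queue)` in the verified branch tests a condition that is shaped by TD and QH contents the guest writes; if a guest layout can reach it with a different q, the assert aborts the whole process, so either handle that case the same way as the else branch or add a comment explaining why it cannot occur.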
@@ -831,7 +831,6 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q,
uint32_t qh_addr,
return TD_RESULT_NEXT_QH;
}
- async = uhci_async_find_td(s, td_addr, td);
if (async) {
/* Already submitted */
async->queue->valid = 32;
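Review bot: with the lookup dropped at this point, the async tested by `if (async)` is the one assigned in the declaration at the top of uhci_handle_td(), so the re-use check and its uhci_queue_free() side effect now run before the early `return TD_RESULT_NEXT_QH` path visible in the context above, where previously nothing was looked up until after it. If cancelling the old queue on that early-return path is intended, please say so in the commit message; a short comment here noting that async was already resolved and verified at function entry would also help readers of the "Already submitted" branch.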
--
1.7.1