[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] usb: drop active assert when pid is invalid
|
From: |
Gonglei (Arei) |
|
Subject: |
Re: [Qemu-devel] [PATCH v2] usb: drop active assert when pid is invalid |
|
Date: |
Tue, 16 Feb 2016 14:30:22 +0000 |
>
> Hi,
>
> > diff --git a/hw/usb/core.c b/hw/usb/core.c
> > index bea5e1e..6fbcf00 100644
> > --- a/hw/usb/core.c
> > +++ b/hw/usb/core.c
> > @@ -716,7 +716,6 @@ struct USBEndpoint *usb_ep_get(USBDevice *dev,
> int pid, int ep)
> > if (ep == 0) {
> > return &dev->ep_ctl;
> > }
> > - assert(pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT);
>
> Please keep this.
>
> > assert(ep > 0 && ep <= USB_MAX_ENDPOINTS);
> > return eps + ep - 1;
> > }
> > diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
> > index 5ccfb83..ff66397 100644
> > --- a/hw/usb/hcd-uhci.c
> > +++ b/hw/usb/hcd-uhci.c
> > @@ -883,6 +883,7 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue
> *q, uint32_t qh_addr,
> > /* invalid pid : frame interrupted */
> > uhci_async_free(async);
> > s->status |= UHCI_STS_HCPERR;
> > + s->cmd &= ~UHCI_CMD_RS;
>
> When clearing RS in cmd we should also set HALTED in status I think.
>
Actually, uhci_frame_timer() had done this work.
if (!(s->cmd & UHCI_CMD_RS)) {
/* Full stop */
trace_usb_uhci_schedule_stop();
qemu_del_timer(s->frame_timer);
uhci_async_cancel_all(s);
/* set hchalted bit in status - UHCI11D 2.1.2 */
s->status |= UHCI_STS_HCHALTED;
return;
}
> How do we reach the assert above? Maybe it is enough to move this pid
> check to the start of the uhci_handle_td function to avoid triggering
> the assert?
>
If Qemu read a wrong td, and then get a wrong pid, assertion will be reached.
I thought that method, but I gave up as more complicated.
Regards,
-Gonglei