[Qemu-devel] [PULL 7/9] xhci: guard xhci_kick_epctx against recursive ca
From: Gerd Hoffmann
Subject: [Qemu-devel] [PULL 7/9] xhci: guard xhci_kick_epctx against recursive calls
Date: Mon, 6 Feb 2017 12:28:19 +0100

Track xhci_kick_epctx processing being active in a variable. Check the
variable before calling xhci_kick_epctx from xhci_kick_ep. Add an
assert to make sure we don't call recursively into xhci_kick_epctx.
Cc: address@hidden
Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55
Reported-by: Fabian Lesniak <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Message-id: address@hidden
---
hw/usb/hcd-xhci.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index f89d8da..1878dad 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -390,6 +390,7 @@ struct XHCIEPContext {
dma_addr_t pctx;
unsigned int max_psize;
uint32_t state;
+ uint32_t kick_active;
/* streams */
unsigned int max_pstreams;
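Review bot: The new kick_active field in XHCIEPContext has no comment and is typed uint32_t, although the rest of the patch only tests it for non-zero and the assert in xhci_kick_epctx keeps it from ever exceeding 1. A bool, or a one-line comment saying it marks "xhci_kick_epctx loop in progress for this endpoint", would make the intent clear and prevent it being mistaken for a nesting depth.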
@@ -2131,6 +2132,9 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int
slotid,
return;
}
+ if (epctx->kick_active) {
+ return;
+ }
xhci_kick_epctx(epctx, streamid);
}
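Review bot: The early return on epctx->kick_active in xhci_kick_ep drops the kick silently and ignores streamid, so a kick for a different stream on the same endpoint is discarded as well. Nothing in the visible lines shows that the loop already running in xhci_kick_epctx will pick up that work. Please add a comment stating why dropping the request is safe, and consider a trace point here so a suppressed kick shows up when debugging a stalled endpoint.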
@@ -2146,6 +2150,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx,
unsigned int streamid)
int i;
trace_usb_xhci_ep_kick(epctx->slotid, epctx->epid, streamid);
+ assert(!epctx->kick_active);
/* If the device has been detached, but the guest has not noticed this
yet the 2 above checks will succeed, but we must NOT continue */
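Review bot: The assert(!epctx->kick_active) at the top of xhci_kick_epctx is protected only by the guard added in xhci_kick_ep, so any other caller that reaches xhci_kick_epctx directly while a kick is in progress aborts the whole process. In device emulation that turns a recursion bug into a guest-reachable crash of the VM. Please confirm in the commit message that every direct caller was audited, or move the early-return check into xhci_kick_epctx itself so all entry points are covered and the assert stays a pure invariant check.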
@@ -2217,6 +2222,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx,
unsigned int streamid)
}
assert(ring->dequeue != 0);
+ epctx->kick_active++;
while (1) {
length = xhci_ring_chain_length(xhci, ring);
if (length <= 0) {
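Review bot: epctx->kick_active++ before the while (1) loop is only balanced by the single decrement after the loop, so any return statement inside the loop body would leave the flag set. From then on xhci_kick_ep returns early on every call and the endpoint never processes another transfer. The visible context shows only break exits; please verify the full loop body has no return path, and note that requirement in a comment next to the increment so later changes keep it.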
@@ -2253,6 +2259,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx,
unsigned int streamid)
break;
}
}
+ epctx->kick_active--;
ep = xhci_epid_to_usbep(epctx);
if (ep) {
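Review bot: epctx->kick_active-- is placed before the xhci_epid_to_usbep() lookup and the if (ep) block, so that block runs with the guard already cleared. If anything called from it can lead back to xhci_kick_ep for the same endpoint, the re-entry happens outside the protected region and neither the early return nor the assert will see it. If that is intended, say so in a comment; otherwise move the decrement to the end of the function.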
--
1.8.3.1