xhci: fix guest-triggerable assert

Set xhci into error state instead of throwing a core dump. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20180702162752.29233-1-kraxel@redhat.com
author: Gerd Hoffmann <kraxel@redhat.com> 2018-07-02 18:27:52 +0200
committer: Gerd Hoffmann <kraxel@redhat.com> 2018-07-03 09:50:39 +0200
commit: 8f36ec708834dfad58af6feb0b69bb0be6077f0f (patch)
tree: 82e1b86f3f202245d3818d0c01573836d829802e
parent: 8bb01b257f3398eae059e93bd7c8a3f5f54c5438 (diff)
download: qemu-8f36ec708834dfad58af6feb0b69bb0be6077f0f.zip
qemu-8f36ec708834dfad58af6feb0b69bb0be6077f0f.tar.gz
qemu-8f36ec708834dfad58af6feb0b69bb0be6077f0f.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 721beb5..8f1a01a 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1954,7 +1954,12 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
         for (i = 0; i < length; i++) {
             TRBType type;
             type = xhci_ring_fetch(xhci, ring, &xfer->trbs[i], NULL);
-            assert(type);
+            if (!type) {
+                xhci_die(xhci);
+                xhci_ep_free_xfer(xfer);
+                epctx->kick_active--;
+                return;
+            }
         }
         xfer->streamid = streamid;
author	Gerd Hoffmann <kraxel@redhat.com>	2018-07-02 18:27:52 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2018-07-03 09:50:39 +0200
commit	8f36ec708834dfad58af6feb0b69bb0be6077f0f (patch)
tree	82e1b86f3f202245d3818d0c01573836d829802e
parent	8bb01b257f3398eae059e93bd7c8a3f5f54c5438 (diff)
download	qemu-8f36ec708834dfad58af6feb0b69bb0be6077f0f.zip qemu-8f36ec708834dfad58af6feb0b69bb0be6077f0f.tar.gz qemu-8f36ec708834dfad58af6feb0b69bb0be6077f0f.tar.bz2