diff options
| author | Hans de Goede <hdegoede@redhat.com> | 2012-12-14 14:35:27 +0100 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2013-01-07 12:57:23 +0100 |
| commit | e3fdfd488c47c2d6920e0964364f1238fb5bf0e2 (patch) | |
| tree | 523196ce9d579cf7be7c59342731c9e9f117008b /hw/usb | |
| parent | 2b3de6ada5d180130ba083d5b45ed51ce8e4def2 (diff) | |
| download | qemu-e3fdfd488c47c2d6920e0964364f1238fb5bf0e2.zip qemu-e3fdfd488c47c2d6920e0964364f1238fb5bf0e2.tar.gz qemu-e3fdfd488c47c2d6920e0964364f1238fb5bf0e2.tar.bz2 | |
ehci: Verify qtd for async completed packets
Remove the short-circuiting of fetchqtd in fetchqh, so that the
qtd gets properly verified before completing the transaction.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/usb')
| -rw-r--r-- | hw/usb/hcd-ehci.c | 15 |
1 files changed, 1 insertions, 14 deletions
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 96a0144..dde2ff3 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -1603,7 +1603,6 @@ out: static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) { uint32_t entry; - EHCIPacket *p; EHCIQueue *q; EHCIqh qh; @@ -1612,7 +1611,6 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) if (NULL == q) { q = ehci_alloc_queue(ehci, entry, async); } - p = QTAILQ_FIRST(&q->packets); q->seen++; if (q->seen > 1) { @@ -1637,7 +1635,6 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) if (ehci_reset_queue(q) > 0) { ehci_trace_guest_bug(ehci, "guest updated active QH"); } - p = NULL; } q->qh = qh; @@ -1651,13 +1648,6 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)); } - if (p && p->async == EHCI_ASYNC_FINISHED) { - /* I/O finished -- continue processing queue */ - trace_usb_ehci_packet_action(p->queue, p, "complete"); - ehci_set_state(ehci, async, EST_EXECUTING); - goto out; - } - if (async && (q->qh.epchar & QH_EPCHAR_H)) { /* EHCI spec version 1.0 Section 4.8.3 & 4.10.1 */ @@ -1834,10 +1824,7 @@ static int ehci_state_fetchqtd(EHCIQueue *q) ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); break; case EHCI_ASYNC_FINISHED: - /* - * We get here when advqueue moves to a packet which is already - * finished, which can happen with packets queued up by fill_queue - */ + /* Complete executing of the packet */ ehci_set_state(q->ehci, q->async, EST_EXECUTING); break; } |