diff options
Diffstat (limited to 'hw/usb')
-rw-r--r-- | hw/usb/Makefile.objs | 3 | ||||
-rw-r--r-- | hw/usb/bus.c | 4 | ||||
-rw-r--r-- | hw/usb/dev-bluetooth.c | 10 | ||||
-rw-r--r-- | hw/usb/hcd-ehci.c | 7 | ||||
-rw-r--r-- | hw/usb/hcd-ehci.h | 1 |
5 files changed, 17 insertions, 8 deletions
diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs index f9695e7..a3eac3e 100644 --- a/hw/usb/Makefile.objs +++ b/hw/usb/Makefile.objs @@ -18,9 +18,6 @@ common-obj-$(CONFIG_USB_STORAGE_UAS) += dev-uas.o common-obj-$(CONFIG_USB_AUDIO) += dev-audio.o common-obj-$(CONFIG_USB_SERIAL) += dev-serial.o common-obj-$(CONFIG_USB_NETWORK) += dev-network.o - -# FIXME: make configurable too -CONFIG_USB_BLUETOOTH := y common-obj-$(CONFIG_USB_BLUETOOTH) += dev-bluetooth.o ifeq ($(CONFIG_USB_SMARTCARD),y) diff --git a/hw/usb/bus.c b/hw/usb/bus.c index 82ca6a1..72d5b92 100644 --- a/hw/usb/bus.c +++ b/hw/usb/bus.c @@ -47,6 +47,10 @@ static int usb_device_post_load(void *opaque, int version_id) } else { dev->attached = 1; } + if (dev->setup_index >= sizeof(dev->data_buf) || + dev->setup_len >= sizeof(dev->data_buf)) { + return -EINVAL; + } return 0; } diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c index f2fc2a8..7f292b1 100644 --- a/hw/usb/dev-bluetooth.c +++ b/hw/usb/dev-bluetooth.c @@ -511,10 +511,17 @@ static int usb_bt_initfn(USBDevice *dev) return 0; } -USBDevice *usb_bt_init(USBBus *bus, HCIInfo *hci) +static USBDevice *usb_bt_init(USBBus *bus, const char *cmdline) { USBDevice *dev; struct USBBtState *s; + HCIInfo *hci; + + if (*cmdline) { + hci = hci_init(cmdline); + } else { + hci = bt_new_hci(qemu_find_bt_vlan(0)); + } if (!hci) return NULL; @@ -566,6 +573,7 @@ static const TypeInfo bt_info = { static void usb_bt_register_types(void) { type_register_static(&bt_info); + usb_legacy_register("usb-bt-dongle", "bt", usb_bt_init); } type_init(usb_bt_register_types) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 137e200..22bdbf4 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -1241,13 +1241,11 @@ static int ehci_init_transfer(EHCIPacket *p) { uint32_t cpage, offset, bytes, plen; dma_addr_t page; - USBBus *bus = &p->queue->ehci->bus; - BusState *qbus = BUS(bus); cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE); bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES); offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK; - qemu_sglist_init(&p->sgl, qbus->parent, 5, p->queue->ehci->as); + qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as); while (bytes > 0) { if (cpage > 4) { @@ -1486,7 +1484,7 @@ static int ehci_process_itd(EHCIState *ehci, return -1; } - qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as); + qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as); if (off + len > 4096) { /* transfer crosses page border */ uint32_t len2 = off + len - 4096; @@ -2529,6 +2527,7 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp) s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_frame_timer, s); s->async_bh = qemu_bh_new(ehci_frame_timer, s); + s->device = dev; qemu_register_reset(ehci_reset, s); qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s); diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h index 15a28e8..065c9fa 100644 --- a/hw/usb/hcd-ehci.h +++ b/hw/usb/hcd-ehci.h @@ -255,6 +255,7 @@ typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead; struct EHCIState { USBBus bus; + DeviceState *device; qemu_irq irq; MemoryRegion mem; AddressSpace *as; |