path: root/hw/usb
Age | Commit message | Author | Files | Lines
2017-06-02 | char: make chr_fe_deinit() optionaly delete backend | Marc-André Lureau | 2 | -7/+2
This simplifies removing a backend for a frontend user (no need to retrieve the associated driver and separate delete call etc). NB: many frontends have questionable handling of ending a chardev. They should probably delete the backend to prevent broken reusage. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-06-02 | char: move CharBackend handling in char-fe unit | Marc-André Lureau | 3 | -2/+3
Move all the frontend struct and methods to a separate unit. This avoids accidentally mixing backend and frontend calls, and helps with readability. Make qemu_chr_replay() a macro shared by both char and char-fe. Export qemu_chr_write(), and use a macro for qemu_chr_write_all() (nb: yes, CharBackend is for char frontend :) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-06-02 | chardev: serial & parallel declaration to own headers | Marc-André Lureau | 1 | -1/+1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-06-02 | chardev: move headers to include/chardev | Marc-André Lureau | 3 | -3/+3
So they are all in one place. The following patch will move serial & parallel declarations to the respective headers. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-06-02 | Remove/replace sysemu/char.h inclusion | Marc-André Lureau | 1 | -1/+1
Those are apparently unnecessary includes. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-05-29 | ehci: fix frame timer invocation. | Gerd Hoffmann | 1 | -3/+10
ehci registers ehci_frame_timer as both timer and bottom half, which turned out to be a bad idea as it can be called as bottom half then while it is running as timer, and it isn't prepared to handle recursive calls. Change the timer func to just schedule the bottom half to avoid this. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1449609 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20170519120428.25981-1-kraxel@redhat.com
2017-05-29 | usb: don't wakeup during coldplug | Gerd Hoffmann | 1 | -0/+8
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1452512 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20170523084635.20062-1-kraxel@redhat.com
2017-05-29 | usb-hub: set PORT_STAT_C_SUSPEND on host-initiated wake-up | Ladi Prosek | 1 | -1/+14
PORT_STAT_C_SUSPEND should be set even on host-initiated wake-up, i.e. on ClearPortFeature(PORT_SUSPEND). Windows is known to not work properly otherwise. Side note, since PORT_ENABLE looks similar and might appear to have the same issue: According to 11.24.2.7.2.2 C_PORT_ENABLE: "This bit is set when the PORT_ENABLE bit changes from one to zero as a result of a Port Error condition (see Section 11.8.1). This bit is not set on any other changes to PORT_ENABLE." Signed-off-by: Ladi Prosek <lprosek@redhat.com> Message-id: 20170522123325.2199-1-lprosek@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-05-29 | xhci: add CONFIG_USB_XHCI_NEC option | Gerd Hoffmann | 1 | -1/+1
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451189 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20170517103313.8459-2-kraxel@redhat.com
2017-05-29 | xhci: split into multiple files | Gerd Hoffmann | 4 | -236/+292
Moved structs and defines to hcd-xhci.h. Move nec controller variant to hcd-xhci-nec.c. No functional changes. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20170517103313.8459-1-kraxel@redhat.com
2017-05-29 | usb: Simplify the parameter parsing of the legacy usb serial device | Thomas Huth | 1 | -16/+5
Coverity complains about the current code, so let's get rid of the now unneeded while loop and simply always emit "unrecognized serial USB option" for all unsupported options. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1495177204-16808-1-git-send-email-thuth@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-05-29 | ehci: fix overflow in frame timer code | Gerd Hoffmann | 1 | -1/+1
In case the frame timer doesn't run for a while due to the host being busy skipped_uframes can become big enough that UFRAME_TIMER_NS * skipped_uframes overflows. Which in turn throws off all subsequent ehci frame timer calculations. Reported-by: 李林 <8610_28@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20170515104543.32044-1-kraxel@redhat.com
2017-05-15 | Merge remote-tracking branch 'kraxel/tags/pull-usb-20170512-1' into staging | Stefan Hajnoczi | 4 | -36/+11
usb: bugfixes, doc update
# gpg: Signature made Fri 12 May 2017 01:20:29 PM BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* kraxel/tags/pull-usb-20170512-1:
  hw/usb/dev-serial: Do not try to set vendorid or productid properties
  xhci: relax link check
  usb-hub: clear PORT_STAT_SUSPEND on wakeup
  xhci: fix logging
  usb-redir: fix stack overflow in usbredir_log_data
  qemu-doc: Update to use the new way of attaching USB devices
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-05-12 | hw/usb/dev-serial: Do not try to set vendorid or productid properties | Thomas Huth | 1 | -18/+6
When starting QEMU with the legacy USB serial device like this:
    qemu-system-x86_64 -usbdevice serial:vendorid=0x1234:stdio
it currently aborts since the vendorid property does not exist anymore (it has been removed by commit f29783f72ea77dfbd7ea0c9):
    Unexpected error in object_property_find() at qemu/qom/object.c:1008:
    qemu-system-x86_64: -usbdevice serial:vendorid=0x1234:stdio: Property '.vendorid' not found
    Aborted (core dumped)
Fix this crash by issuing a more friendly error message instead (and simplify the code also a little bit this way).
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1493883704-27604-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-05-12 | xhci: relax link check | Ladi Prosek | 1 | -1/+1
The strict td link limit added by commit "05f43d4 xhci: limit the number of link trbs we are willing to process" causes problems with Windows guests. Let's raise the limit.
This change is analogous to:
    commit ab6b1105a2259c7072905887f71caa850ce63190
    Author: Gerd Hoffmann <kraxel@redhat.com>
    Date: Tue Mar 7 09:40:18 2017 +0100
        ohci: relax link check
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Message-id: 20170512102100.22675-1-lprosek@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-05-12 | usb-hub: clear PORT_STAT_SUSPEND on wakeup | Ladi Prosek | 1 | -0/+1
The spec says:
    Suspend: (PORT_SUSPEND) This field indicates whether or not the device on this port is suspended. Setting this field causes the device to suspend by not propagating bus traffic downstream. This field may be reset by a request or by resume signaling from the device attached to the port.
I can't find any specific statement like "the PORT_SUSPEND field is reset automatically on remote wakeup", but without this patch, the only way to reset it is via the ClearPortFeature request so the ".. or by resume signaling from the device" clause is clearly not implemented on the remote wakeup path.
The default xhci Windows driver does not issue the ClearPortFeature request and suspended devices attached to a hub don't properly get out of the suspended state. Interestingly, the default uhci Windows driver *does* issue the ClearPortFeature request and does not exhibit this problem.
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Message-id: 20170511125314.24549-3-lprosek@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-05-12 | xhci: fix logging | Ladi Prosek | 1 | -5/+2
slotid and epid were deleted from XHCITransfer in commit d6fcb29. Also deleting one unused forward declaration. Signed-off-by: Ladi Prosek <lprosek@redhat.com> Message-id: 20170511125314.24549-2-lprosek@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-05-12 | usb-redir: fix stack overflow in usbredir_log_data | Gerd Hoffmann | 1 | -12/+1
Don't reinvent a broken wheel, just use the hexdump function we have. Impact: low, broken code doesn't run unless you have debug logging enabled. Reported-by: 李强 <liqiang6-s@360.cn> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20170509110128.27261-1-kraxel@redhat.com
2017-05-10 | Merge remote-tracking branch 'mjt/tags/trivial-patches-fetch' into staging | Stefan Hajnoczi | 1 | -1/+4
trivial patches for 2017-05-10
# gpg: Signature made Wed 10 May 2017 03:19:30 AM EDT
# gpg: using RSA key 0x701B4F6B1A693E59
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59
* mjt/tags/trivial-patches-fetch: (23 commits)
  tests: Remove redundant assignment
  MAINTAINERS: Update paths for AioContext implementation
  MAINTAINERS: Update paths for main loop
  jazz_led: fix bad snprintf
  tests: Ignore another built executable (test-hmp)
  scripts: Switch to more portable Perl shebang
  scripts/qemu-binfmt-conf.sh: Fix shell portability issue
  virtfs: allow a device id to be specified in the -virtfs option
  hw/core/generic-loader: Fix crash when running without CPU
  virtio-blk: Remove useless condition around g_free()
  qemu-doc: Fix broken URLs of amnhltm.zip and dosidle210.zip
  use _Static_assert in QEMU_BUILD_BUG_ON
  channel-file: fix wrong parameter comments
  block: Make 'replication_state' an enum
  util: Use g_malloc/g_free in envlist.c
  qga: fix compiler warnings (clang 5)
  device_tree: fix compiler warnings (clang 5)
  usb-ccid: make ccid_write_data_block() cope with null buffers
  tests: Ignore more test executables
  Add 'none' as type for drive's if option
  ...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-05-09 | qobject: Use simpler QDict/QList scalar insertion macros | Eric Blake | 1 | -6/+6
We now have macros in place to make it less verbose to add a scalar to QDict and QList, so use them.
Patch created mechanically via:
    spatch --sp-file scripts/coccinelle/qobject.cocci \
      --macro-file scripts/cocci-macro-file.h --dir . --in-place
then touched up manually to fix a couple of '?:' back to original spacing, as well as avoiding a long line in monitor.c.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20170427215821.19397-7-eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2017-05-07 | usb-ccid: make ccid_write_data_block() cope with null buffers | Philippe Mathieu-Daudé | 1 | -1/+4
Static code analyzer complains:
    hw/usb/dev-smartcard-reader.c:816:5: warning: Null pointer passed as an argument to a 'nonnull' parameter
        memcpy(p->abData, data, len);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-05-04 | char: add a /chardevs container | Marc-André Lureau | 2 | -2/+2
Add a /chardevs container object to hold the list of chardevs. (Note: QTAILQ chardevs is going away in the following commits) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-04-26 | Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20170421-v2-tag' into staging | Peter Maydell | 1 | -1/+1
Xen 2017/04/21 + fix
# gpg: Signature made Tue 25 Apr 2017 19:10:37 BST
# gpg: using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# gpg: aka "Stefano Stabellini <sstabellini@kernel.org>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3 0AEA 894F 8F48 70E1 AE90
* remotes/sstabellini/tags/xen-20170421-v2-tag: (21 commits)
  move xen-mapcache.c to hw/i386/xen/
  move xen-hvm.c to hw/i386/xen/
  move xen-common.c to hw/xen/
  add xen-9p-backend to MAINTAINERS under Xen
  xen/9pfs: build and register Xen 9pfs backend
  xen/9pfs: send responses back to the frontend
  xen/9pfs: implement in/out_iov_from_pdu and vmarshal/vunmarshal
  xen/9pfs: receive requests from the frontend
  xen/9pfs: connect to the frontend
  xen/9pfs: introduce Xen 9pfs backend
  9p: introduce a type for the 9p header
  xen: import ring.h from xen
  configure: use pkg-config for obtaining xen version
  xen: additionally restrict xenforeignmemory operations
  xen: use libxendevice model to restrict operations
  xen: use 5 digit xen versions
  xen: use libxendevicemodel when available
  configure: detect presence of libxendevicemodel
  xen: create wrappers for all other uses of xc_hvm_XXX() functions
  xen: rename xen_modified_memory() to xen_hvm_modified_memory()
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-04-24 | error: Apply error_propagate_null.cocci again | Fam Zheng | 1 | -3/+1
Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <20170421122710.15373-15-famz@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2017-04-21 | xen: import ring.h from xen | Stefano Stabellini | 1 | -1/+1
Do not use the ring.h header installed on the system. Instead, import the header into the QEMU codebase. This avoids problems when QEMU is built against a Xen version too old to provide all the ring macros. Signed-off-by: Stefano Stabellini <stefano@aporeto.com> Reviewed-by: Greg Kurz <groug@kaod.org> CC: anthony.perard@citrix.com CC: jgross@suse.com
2017-04-03 | usb-host: switch to LIBUSB_API_VERSION | Gerd Hoffmann | 1 | -2/+5
libusbx doesn't exist any more, the fork got merged back to libusb. So stop using LIBUSBX_API_VERSION and use LIBUSB_API_VERSION instead. For backward compatibility alias LIBUSB_API_VERSION to LIBUSBX_API_VERSION in case we figure LIBUSB_API_VERSION isn't defined. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20170403105238.23262-1-kraxel@redhat.com
2017-04-03 | xhci: flush dequeue pointer to endpoint context | Gerd Hoffmann | 1 | -1/+3
When done processing an endpoint ring we must update the dequeue pointer in the endpoint context in guest memory. This is needed to make sure the guest has a correct view of things and also to make live migration work properly, because xhci post_load restores a lot of the state from xhci data structures in guest memory. Add xhci_set_ep_state() call to do that. The recursive calls stopped by commit ddb603ab6c981c1d67cb42266fc700c33e5b2d8f had the (unintentional) side effect of hiding this bug. xhci_set_ep_state() was called before processing, to set the state to running, which updated the dequeue pointer too. Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 20170331102521.29253-1-kraxel@redhat.com
2017-03-19 | xen: do not build backends for targets that do not support xen | Stefano Stabellini | 1 | -1/+1
Change Makefile.objs to use CONFIG_XEN instead of CONFIG_XEN_BACKEND, so that the Xen backends are only built for targets that support Xen. Set CONFIG_XEN in the toplevel Makefile to ensure that files that are built only once pick up Xen support properly. Signed-off-by: Stefano Stabellini <stefano@aporeto.com> Tested-by: Greg Kurz <groug@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> CC: pbonzini@redhat.com CC: peter.maydell@linaro.org CC: rth@twiddle.net CC: stefanha@redhat.com Message-Id: <1489694518-16978-1-git-send-email-sstabellini@kernel.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-03-09 | ohci: relax link check | Gerd Hoffmann | 1 | -1/+1
The strict td link limit added by commit "95ed569 usb: ohci: limit the number of link eds" causes problems with macos guests. Let's raise the limit. Reported-by: Programmingkid <programmingkidx@gmail.com> Reported-by: Howard Spoelstra <hsp.cat7@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: John Arbuckle <programmingkidx@gmail.com> Message-id: 1488876018-31576-1-git-send-email-kraxel@redhat.com
2017-03-02 | Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20170228a' into staging | Peter Maydell | 1 | -19/+0
Migration pull
Note: The 'postcopy: Update userfaultfd.h header' is part of Paolo's header update and will disappear if applied after it.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Tue 28 Feb 2017 12:38:34 GMT
# gpg: using RSA key 0x0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert/tags/pull-migration-20170228a: (27 commits)
  postcopy: Add extra check for COPY function
  postcopy: Add doc about hugepages and postcopy
  postcopy: Check for userfault+hugepage feature
  postcopy: Update userfaultfd.h header
  postcopy: Allow hugepages
  postcopy: Send whole huge pages
  postcopy: Mask fault addresses to huge page boundary
  postcopy: Load huge pages in one go
  postcopy: Use temporary for placing zero huge pages
  postcopy: Plumb pagesize down into place helpers
  postcopy: Record largest page size
  postcopy: enhance ram_block_discard_range for hugepages
  exec: ram_block_discard_range
  postcopy: Chunk discards for hugepages
  postcopy: Transmit and compare individual page sizes
  postcopy: Transmit ram size summary word
  migration: fix use-after-free of to_dst_file
  migration: Update docs to discourage version bumps
  migration: fix id leak regression
  migrate: Introduce a 'dc->vmsd' check to avoid segfault for --only-migratable
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-02 | Merge remote-tracking branch 'remotes/elmarco/tags/leak-pull-request' into staging | Peter Maydell | 2 | -0/+18
# gpg: Signature made Wed 01 Mar 2017 09:02:53 GMT
# gpg: using RSA key 0xDAE8E10975969CE5
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>"
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* remotes/elmarco/tags/leak-pull-request: (28 commits)
  tests: fix virtio-blk-test leaks
  tests: add specialized device_find function
  tests: fix usb-test leaks
  tests: allows to run single test in usb-hcd-ehci-test
  usb: release the created buses
  bus: do not unref hotplug handler
  tests: fix virtio-9p-test leaks
  tests: fix virtio-scsi-test leak
  tests: fix e1000e leaks
  tests: fix i440fx-test leaks
  tests: fix e1000-test leak
  tests: fix tco-test leaks
  tests: fix eepro100-test leak
  pc: pcihp: avoid adding ACPI_PCIHP_PROP_BSEL twice
  tests: fix ipmi-bt-test leak
  tests: fix ipmi-kcs-test leak
  tests: fix bios-tables-test leak
  tests: fix hd-geo-test leaks
  tests: fix ide-test leaks
  tests: fix vhost-user-test leaks
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-01 | usb: release the created buses | Marc-André Lureau | 2 | -0/+18
Leaks spotted by ASAN. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-28 | hw/block: Request permissions | Kevin Wolf | 1 | -1/+5
This makes all device emulations with a qdev drive property request permissions on their BlockBackend. The only thing we block at this point is resizing images for some devices that can't support it. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Fam Zheng <famz@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2017-02-28 | migrate: Introduce a 'dc->vmsd' check to avoid segfault for --only-migratable | Ashijeet Acharya | 1 | -19/+0
Commit a3a3d8c7 introduced a segfault bug while checking for 'dc->vmsd->unmigratable' which caused QEMU to crash when trying to add devices which do not set their 'dc->vmsd' yet during initialization. Place a 'dc->vmsd' check prior to it so that we do not segfault for such devices. NOTE: This doesn't compromise the functioning of --only-migratable option as all the unmigratable devices do set their 'dc->vmsd'. Introduce a new function check_migratable() and move the only_migratable check inside it, also use stubs to avoid user-mode qemu build failures. Signed-off-by: Ashijeet Acharya <ashijeetacharya@gmail.com> Message-Id: <1487009088-23891-1-git-send-email-ashijeetacharya@gmail.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-02-23 | xhci: properties cleanup | Gerd Hoffmann | 1 | -3/+26
Split xhci properties into common and nec specific. Move the backward compat flags to nec, so the new qemu-xhci devices don't carry on the compatibility stuff. Move the msi/msix switches too and just enable msix for qemu-xhci. Also move the intrs and slots properties. Wasn't a great idea to make them configurable in the first place, nobody needs this. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1487663432-10410-1-git-send-email-kraxel@redhat.com
2017-02-23 | usb: ohci: fix error return code in servicing td | Li Qiang | 1 | -1/+1
It should return 1 if an error occurs when reading td. This will avoid an infinite loop issue in ohci_service_ed_list. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1487760990-115925-1-git-send-email-liqiang6-s@360.cn Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-23 | usb: replace handle_destroy with unrealize | Marc-André Lureau | 11 | -24/+25
Curiously, unrealize() is not being used, but it seems more appropriate than handle_destroy() together with realize(). It is a more ubiquitous destroy name in the qemu code base and may throw errors. Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20170221141451.28305-25-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-21 | usb-ccid: add check message size checks | Gerd Hoffmann | 1 | -3/+10
Check message size too when figuring whenever we should expect more data. Fix debug message to show useful data, p->iov.size is fixed anyway if we land there, print how much we got meanwhile instead. Also check announced message size against actual message size. That is a more general fix for CVE-2017-5898 than commit "c7dfbf3 usb: ccid: check ccid apdu length". Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 1487250819-23764-4-git-send-email-kraxel@redhat.com
2017-02-21 | usb-ccid: move header size check | Gerd Hoffmann | 1 | -7/+6
Move up header size check, so we can use header fields in sanity checks (in followup patches). Also reword the debug message. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 1487250819-23764-3-git-send-email-kraxel@redhat.com
2017-02-21 | usb-ccid: better bulk_out error handling | Gerd Hoffmann | 1 | -55/+61
Add err goto label where we can jump to from all error conditions. STALL request on all errors. Reset position on all errors. Normal request processing is not in an else branch any more, so this code is reindented, there are no code changes in that part of the code though. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 1487250819-23764-2-git-send-email-kraxel@redhat.com
2017-02-21 | xhci: drop via vendor command handling | Gerd Hoffmann | 1 | -31/+0
Seems pretty pointless, we don't emulate a via xhci controller. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1486382139-30630-5-git-send-email-kraxel@redhat.com
2017-02-21 | xhci: fix nec vendor quirk handling | Gerd Hoffmann | 1 | -15/+29
Only the TYPE_NEC_XHCI controller will have the nec vendor quirks. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1486382139-30630-4-git-send-email-kraxel@redhat.com
2017-02-21 | xhci: add qemu xhci controller | Gerd Hoffmann | 1 | -4/+36
Turn existing TYPE_XHCI into an abstract base class. Create two child classes, TYPE_NEC_XHCI (same name as old xhci controller) and TYPE_QEMU_XHCI (using an ID from our namespace). Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Message-id: 1486382139-30630-3-git-send-email-kraxel@redhat.com
2017-02-21 | xhci: drop ER_FULL_HACK workaround | Gerd Hoffmann | 1 | -106/+11
The nec/renesas driver problems have finally been debugged and root caused, see commit "7da76e1 xhci: fix event queue IRQ handling". It's pretty clear now that
 (a) The whole "driver can't handle ring full" story is most likely wrong.
 (b) The ER_FULL_HACK workaround based on the false assumption doesn't much. It avoids the driver crashing (without commit 7da76e1), but it doesn't make usb work.
 (c) With 7da76e1 applied it doesn't trigger any more.
So, let's kill it. Or, to be exact, let's almost kill it. Some data fields are kept unused in the state struct, for live migration backward compatibility.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1486382139-30630-2-git-send-email-kraxel@redhat.com
2017-02-21 | xhci: apply limits to loops | Gerd Hoffmann | 2 | -1/+15
Limits should be big enough that normal guest should not hit it. Add a tracepoint to log them, just in case. Also, while being at it, log the existing link trb limit too. Reported-by: 李强 <liqiang6-s@360.cn> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1486383669-6421-1-git-send-email-kraxel@redhat.com
2017-02-21 | usb: ohci: limit the number of link eds | Li Qiang | 1 | -1/+8
The guest may build an infinite loop with link eds. This patch limits the number of linked ed to avoid this. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-21 | usb: ohci: fix error return code in servicing iso td | Li Qiang | 1 | -1/+1
It should return 1 if an error occurs when reading iso td. This will avoid an infinite loop issue in ohci_service_ed_list. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Message-id: 5899ac3e.1033240a.944d5.9a2d@mx.google.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-21 | usb: ehci: fix memory leak in ehci | Li Qiang | 3 | -0/+15
In usb_ehci_init function, it initializes 's->ipacket', but there is no corresponding function to free this. As the ehci can be hotplug and unplug, this will leak host memory. In order to make the hierarchy clean, we should add an ehci pci finalize function, then call the clean function in ehci device. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Message-id: 589a85b8.3c2b9d0a.b8e6.1434@mx.google.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-06 | xhci: fix event queue IRQ handling | Gerd Hoffmann | 1 | -0/+13
The qemu xhci emulation doesn't handle the ERDP_EHB flag correctly. When the host adapter queues a new event the ERDP_EHB flag is set. The flag is cleared (via w1c) by the guest when it updates the ERDP (event ring dequeue pointer) register to notify the host adapter which events it has fetched. An IRQ must be raised in case the ERDP_EHB flag flips from clear to set. If the flag is set already (which implies there are events queued up which are not yet processed by the guest) xhci must *not* raise an IRQ. Qemu got that wrong and raised an IRQ on every event, thereby generating spurious interrupts in case we've queued events faster than the guest processed them. This patch fixes that. With that change in place we also have to check ERDP updates, to see whenever the guest has fetched all queued events. In case there are still pending events set ERDP_EHB and raise an IRQ again, to make sure the events don't linger unseen forever. The linux kernel driver and the microsoft windows driver (shipped with win8+) can deal with the spurious interrupts without problems. The renesas windows driver (v2.1.39) which can be used on older windows versions is quite upset though. It does spurious ERDP updates now and then (not every time, seems we must hit a race window for this to happen), which in turn makes the qemu xhci emulation think the event ring is full. Things go south from here ... tl;dr: This is the "fix xhci on win7" patch. Cc: M.Cerveny@computer.org Cc: 1373228@bugs.launchpad.net Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1486104705-13761-1-git-send-email-kraxel@redhat.com
2017-02-06 | usb: ccid: check ccid apdu length | Prasad J Pandit | 1 | -1/+1
CCID device emulator uses Application Protocol Data Units (APDU) to exchange command and responses to and from the host. The length in these units couldn't be greater than 65536. Add check to ensure the same. It'd also avoid potential integer overflow in emulated_apdu_from_guest. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 20170202192228.10847-1-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>