From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=35175 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PITFy-00039F-IN
	for qemu-devel@nongnu.org; Tue, 16 Nov 2010 16:40:03 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <one.timothy.jones@gmail.com>) id 1PITFx-0000cl-CW
	for qemu-devel@nongnu.org; Tue, 16 Nov 2010 16:40:02 -0500
Received: from mail-yx0-f173.google.com ([209.85.213.173]:38477)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <one.timothy.jones@gmail.com>) id 1PITFx-0000ce-5O
	for qemu-devel@nongnu.org; Tue, 16 Nov 2010 16:40:01 -0500
Received: by yxf34 with SMTP id 34so359200yxf.4
	for <qemu-devel@nongnu.org>; Tue, 16 Nov 2010 13:40:00 -0800 (PST)
Message-ID: <4CE2F9F5.6010709@gmail.com>
Date: Tue, 16 Nov 2010 16:39:01 -0500
From: TJ <one.timothy.jones@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] [PATCH v3] Guest OS hangs on usb_add
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>

This is a small patch to slightly "intelligentify" usb device and
config descriptor parsing. MX-950 bug work-around is not included.

Signed-off-by: Timothy Jones <one.timothy.jones@gmail.com>
---
 hw/usb.h    |    5 +++++
 usb-linux.c |   34 +++++++++++++++++++---------------
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/hw/usb.h b/hw/usb.h
index 00d2802..5c3528f 100644
--- a/hw/usb.h
+++ b/hw/usb.h
@@ -117,6 +117,11 @@
 #define USB_DT_INTERFACE		0x04
 #define USB_DT_ENDPOINT			0x05

+#define USB_DT_DEVICE_LEN		18
+#define USB_DT_CONFIG_LEN		9
+#define USB_DT_INTERFACE_LEN		9
+#define USB_DT_ENDPOINT_LEN		7
+
 #define USB_ENDPOINT_XFER_CONTROL	0
 #define USB_ENDPOINT_XFER_ISOC		1
 #define USB_ENDPOINT_XFER_BULK		2
diff --git a/usb-linux.c b/usb-linux.c
index c3c38ec..cf20399 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -290,7 +290,7 @@ static void async_cancel(USBPacket *unused, void *opaque)

 static int usb_host_claim_interfaces(USBHostDevice *dev, int configuration)
 {
-    int dev_descr_len, config_descr_len;
+    int dev_descr_len, config_descr_total_len;
     int interface, nb_interfaces;
     int ret, i;

@@ -299,32 +299,36 @@ static int usb_host_claim_interfaces(USBHostDevice *dev,
int configuration)

     DPRINTF("husb: claiming interfaces. config %d\n", configuration);

-    i = 0;
     dev_descr_len = dev->descr[0];
-    if (dev_descr_len > dev->descr_len) {
+
+    if (dev_descr_len > dev->descr_len || dev_descr_len < USB_DT_DEVICE_LEN ||
dev->descr[1] != USB_DT_DEVICE) {
+        fprintf(stderr, "husb: invalid device descriptor\n");
         goto fail;
     }

-    i += dev_descr_len;
-    while (i < dev->descr_len) {
+    for (i = dev_descr_len; i < dev->descr_len; ) {
         DPRINTF("husb: i is %d, descr_len is %d, dl %d, dt %d\n",
                 i, dev->descr_len,
                dev->descr[i], dev->descr[i+1]);

-        if (dev->descr[i+1] != USB_DT_CONFIG) {
-            i += dev->descr[i];
-            continue;
+        if (dev->descr[i] < 2) {
+            fprintf(stderr, "husb: invalid descriptor\n");
+            goto fail;
         }
-        config_descr_len = dev->descr[i];
+        if (dev->descr[i+1] == USB_DT_CONFIG) {
+            config_descr_total_len = dev->descr[i+2] + (dev->descr[i+3] << 8);

-        printf("husb: config #%d need %d\n", dev->descr[i + 5], configuration);
+            printf("husb: config #%d need %d\n", dev->descr[i + 5], configuration);

-        if (configuration < 0 || configuration == dev->descr[i + 5]) {
-            configuration = dev->descr[i + 5];
-            break;
-        }
+            if (configuration < 0 || configuration == dev->descr[i + 5]) {
+                configuration = dev->descr[i + 5];
+                break;
+            }

-        i += config_descr_len;
+            i += config_descr_total_len;
+        }
+        else
+            i += dev->descr[i];
     }

     if (i >= dev->descr_len) {
--
1.7.2.2