From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Hans de Goede <hdegoede@redhat.com>, Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH 27/36] uhci: Detect guest td re-use
Date: Thu, 25 Oct 2012 14:52:00 +0200
Message-ID: <1351169529-10799-28-git-send-email-kraxel@redhat.com>
In-Reply-To: <1351169529-10799-1-git-send-email-kraxel@redhat.com>

From: Hans de Goede <hdegoede@redhat.com>

A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue; this is necessary to keep our
packet ids unique.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-uhci.c |   33 ++++++++++++++++-----------------
 1 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index 0984bee..c4f2f98 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -319,28 +319,18 @@ static void uhci_async_cancel_all(UHCIState *s)
     }
 }
 
-static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr,
-                                     UHCI_TD *td)
+static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr)
 {
-    uint32_t token = uhci_queue_token(td);
     UHCIQueue *queue;
     UHCIAsync *async;
 
     QTAILQ_FOREACH(queue, &s->queues, next) {
-        if (queue->token == token) {
-            break;
-        }
-    }
-    if (queue == NULL) {
-        return NULL;
-    }
-
-    QTAILQ_FOREACH(async, &queue->asyncs, next) {
-        if (async->td_addr == td_addr) {
-            return async;
+        QTAILQ_FOREACH(async, &queue->asyncs, next) {
+            if (async->td_addr == td_addr) {
+                return async;
+            }
         }
     }
-
     return NULL;
 }
 
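Review bot: uhci_async_find_td() now returns the first async whose td_addr matches across every queue, so its result is only meaningful if a td address is pending in at most one queue at a time, and nothing in the function says so. A short comment above it stating that invariant, and that callers must run uhci_queue_verify() on async->queue before using the result, would make the contract explicit. The nested QTAILQ_FOREACH also turns each lookup into a walk over all pending asyncs of the controller; the commit message could say whether that per-td cost matters.
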
@@ -805,11 +795,21 @@ out:
 static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
                           UHCI_TD *td, uint32_t td_addr, uint32_t *int_mask)
 {
-    UHCIAsync *async;
     int len = 0, max_len;
     bool spd;
     bool queuing = (q != NULL);
     uint8_t pid = td->token & 0xff;
+    UHCIAsync *async = uhci_async_find_td(s, td_addr);
+
+    if (async) {
+        if (uhci_queue_verify(async->queue, qh_addr, td, td_addr, queuing)) {
+            assert(q == NULL || q == async->queue);
+            q = async->queue;
+        } else {
+            uhci_queue_free(async->queue, "guest re-used pending td");
+            async = NULL;
+        }
+    }
 
     if (q == NULL) {
         q = uhci_queue_find(s, td);
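Review bot: in the else branch, uhci_queue_free(async->queue, ...) clears async but leaves q untouched, so when the caller passed in a q that is the same queue as async->queue, the code that follows keeps using a queue that was just freed (the `if (q == NULL)` lookup below is skipped). Either reset q there, for example `if (q == async->queue) q = NULL;`, or add a comment explaining why that combination cannot occur. Separately, `assert(q == NULL || q == async->queue);` depends on td and qh contents the guest controls; if a guest can get uhci_queue_verify() to pass while q is a different queue, this aborts the VM, so treating that case like the re-use case would be more robust than asserting.
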
@@ -831,7 +831,6 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
         return TD_RESULT_NEXT_QH;
     }
 
-    async = uhci_async_find_td(s, td_addr, td);
     if (async) {
         /* Already submitted */
         async->queue->valid = 32;
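Review bot: with the lookup hoisted to the top of uhci_handle_td(), the re-use check and its uhci_queue_free() now run before the early return visible at the top of this hunk (`return TD_RESULT_NEXT_QH;`), where previously no lookup happened on that path. If cancelling the queue for tds that take that return is intended, say so in the commit message; otherwise keep the verify/free step next to this `if (async)` block.
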
-- 
1.7.1
