[Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets
@ 2013-09-09  8:20 Hans de Goede
  2013-09-09 10:08 ` Paolo Bonzini
  2013-09-25 21:22 ` Doug Goldstein
  0 siblings, 2 replies; 4+ messages in thread
From: Hans de Goede @ 2013-09-09  8:20 UTC (permalink / raw)
  To: Gerd Hoffmann; +Cc: Hans de Goede, qemu-devel

The isoc packet path in the ehci code has a bad qobject cast, causing an
abort, this patch fixes this.

Note this problem is backported in 1.6.0 too, and this patch should be
backported to the 1.6.0 stable tree.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
 hw/usb/hcd-ehci.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 010a0d0..77c4872 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1486,7 +1486,8 @@ static int ehci_process_itd(EHCIState *ehci,
                 return -1;
             }
 
-            qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as);
+            qemu_sglist_init(&ehci->isgl, BUS(&ehci->bus)->parent,
+                             2, ehci->as);
             if (off + len > 4096) {
                 /* transfer crosses page border */
                 uint32_t len2 = off + len - 4096;
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets
  2013-09-09  8:20 [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets Hans de Goede
@ 2013-09-09 10:08 ` Paolo Bonzini
  2013-09-25 21:22 ` Doug Goldstein
  1 sibling, 0 replies; 4+ messages in thread
From: Paolo Bonzini @ 2013-09-09 10:08 UTC (permalink / raw)
  To: Hans de Goede; +Cc: qemu-stable, Gerd Hoffmann, qemu-devel

Il 09/09/2013 10:20, Hans de Goede ha scritto:
> The isoc packet path in the ehci code has a bad qobject cast, causing an
> abort, this patch fixes this.
> 
> Note this problem is backported in 1.6.0 too, and this patch should be
> backported to the 1.6.0 stable tree.
> 
> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
> ---
>  hw/usb/hcd-ehci.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
> index 010a0d0..77c4872 100644
> --- a/hw/usb/hcd-ehci.c
> +++ b/hw/usb/hcd-ehci.c
> @@ -1486,7 +1486,8 @@ static int ehci_process_itd(EHCIState *ehci,
>                  return -1;
>              }
>  
> -            qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as);
> +            qemu_sglist_init(&ehci->isgl, BUS(&ehci->bus)->parent,
> +                             2, ehci->as);
>              if (off + len > 4096) {
>                  /* transfer crosses page border */
>                  uint32_t len2 = off + len - 4096;
> 

... then qemu-stable should be CCed.

Paolo

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets
  2013-09-09  8:20 [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets Hans de Goede
  2013-09-09 10:08 ` Paolo Bonzini
@ 2013-09-25 21:22 ` Doug Goldstein
  2013-09-26  5:42   ` Gerd Hoffmann
  1 sibling, 1 reply; 4+ messages in thread
From: Doug Goldstein @ 2013-09-25 21:22 UTC (permalink / raw)
  To: Hans de Goede; +Cc: qemu-stable, Gerd Hoffmann, qemu-devel

On Mon, Sep 9, 2013 at 3:20 AM, Hans de Goede <hdegoede@redhat.com> wrote:
> The isoc packet path in the ehci code has a bad qobject cast, causing an
> abort, this patch fixes this.
>
> Note this problem is backported in 1.6.0 too, and this patch should be
> backported to the 1.6.0 stable tree.
>
> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
> ---
>  hw/usb/hcd-ehci.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
> index 010a0d0..77c4872 100644
> --- a/hw/usb/hcd-ehci.c
> +++ b/hw/usb/hcd-ehci.c
> @@ -1486,7 +1486,8 @@ static int ehci_process_itd(EHCIState *ehci,
>                  return -1;
>              }
>
> -            qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as);
> +            qemu_sglist_init(&ehci->isgl, BUS(&ehci->bus)->parent,
> +                             2, ehci->as);
>              if (off + len > 4096) {
>                  /* transfer crosses page border */
>                  uint32_t len2 = off + len - 4096;
> --
> 1.8.3.1
>
>

Ping. Don't see this in master (and as such its missing from mdroth's
1.6.1 patch set).

-- 
Doug Goldstein

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets
  2013-09-25 21:22 ` Doug Goldstein
@ 2013-09-26  5:42   ` Gerd Hoffmann
  0 siblings, 0 replies; 4+ messages in thread
From: Gerd Hoffmann @ 2013-09-26  5:42 UTC (permalink / raw)
  To: Doug Goldstein; +Cc: Hans de Goede, qemu-devel, qemu-stable

  Hi,

> Ping. Don't see this in master (and as such its missing from mdroth's
> 1.6.1 patch set).

Different patch is in master: adbecc89731cf3e0ae656d50ea9fa58c589c4bdc
Yes, that one should be cherry-picked into stable.

thanks,
  Gerd

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2013-09-26  5:43 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-09  8:20 [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets Hans de Goede
2013-09-09 10:08 ` Paolo Bonzini
2013-09-25 21:22 ` Doug Goldstein
2013-09-26  5:42   ` Gerd Hoffmann

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).