[Qemu-devel] [PULL 0/4] usb patch queue

[Qemu-devel] [PULL 0/4] usb patch queue

[Gerd Hoffmann]

  Hi,

Here comes the usb patch queue, bringing little fixes and making usb
bluetooth support a compile time option.

please pull,
  Gerd

The following changes since commit 94c2b6aff43cdfcfdfb552773a6b6b973a72ef0b:

  mips_malta: support up to 2GiB RAM (2013-09-09 18:42:22 +0200)

are available in the git repository at:

  git://git.kraxel.org/qemu usb.89

for you to fetch changes up to adbecc89731cf3e0ae656d50ea9fa58c589c4bdc:

  ehci: save device pointer in EHCIState (2013-09-10 11:14:42 +0200)

----------------------------------------------------------------
Gerd Hoffmann (2):
      usb: sanity check setup_index+setup_len in post_load
      ehci: save device pointer in EHCIState

Miroslav Rezanina (2):
      Preparation for usb-bt-dongle conditional build
      Remove dev-bluetooth.c dependency from vl.c

 hw/bt/core.c           | 23 ++++++++++++++
 hw/bt/hci.c            | 48 +++++++++++++++++++++++++++++
 hw/usb/Makefile.objs   |  3 --
 hw/usb/bus.c           |  4 +++
 hw/usb/dev-bluetooth.c | 10 +++++-
 hw/usb/hcd-ehci.c      |  7 ++---
 hw/usb/hcd-ehci.h      |  1 +
 include/hw/bt.h        |  3 ++
 include/hw/usb.h       |  3 --
 vl.c                   | 82 +++-----------------------------------------------
 10 files changed, 95 insertions(+), 89 deletions(-)

[Qemu-devel] [PATCH 1/4] usb: sanity check setup_index+setup_len in post_load

[Gerd Hoffmann]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/bus.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/usb/bus.c b/hw/usb/bus.c
index 82ca6a1..72d5b92 100644
--- a/hw/usb/bus.c
+++ b/hw/usb/bus.c
@@ -47,6 +47,10 @@ static int usb_device_post_load(void *opaque, int version_id)
     } else {
         dev->attached = 1;
     }
+    if (dev->setup_index >= sizeof(dev->data_buf) ||
+        dev->setup_len >= sizeof(dev->data_buf)) {
+        return -EINVAL;
+    }
     return 0;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PATCH 2/4] Preparation for usb-bt-dongle conditional build

[Gerd Hoffmann]

From: Miroslav Rezanina <mrezanin@redhat.com>

To allow disable usb-bt-dongle device using CONFIG_BLUETOOTH option, some of
functions in vl.c file has to be made accessible in dev-bluetooth.c. This is
pure code moving.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/bt/core.c    | 23 +++++++++++++++++++
 hw/bt/hci.c     | 48 +++++++++++++++++++++++++++++++++++++++
 include/hw/bt.h |  3 +++
 vl.c            | 69 ---------------------------------------------------------
 4 files changed, 74 insertions(+), 69 deletions(-)

diff --git a/hw/bt/core.c b/hw/bt/core.c
index 49012e0..0ffc948 100644
--- a/hw/bt/core.c
+++ b/hw/bt/core.c
@@ -119,3 +119,26 @@ void bt_device_done(struct bt_device_s *dev)
 
     *p = dev->next;
 }
+
+static struct bt_vlan_s {
+    struct bt_scatternet_s net;
+    int id;
+    struct bt_vlan_s *next;
+} *first_bt_vlan;
+
+/* find or alloc a new bluetooth "VLAN" */
+struct bt_scatternet_s *qemu_find_bt_vlan(int id)
+{
+    struct bt_vlan_s **pvlan, *vlan;
+    for (vlan = first_bt_vlan; vlan != NULL; vlan = vlan->next) {
+        if (vlan->id == id)
+            return &vlan->net;
+    }
+    vlan = g_malloc0(sizeof(struct bt_vlan_s));
+    vlan->id = id;
+    pvlan = &first_bt_vlan;
+    while (*pvlan != NULL)
+        pvlan = &(*pvlan)->next;
+    *pvlan = vlan;
+    return &vlan->net;
+}
diff --git a/hw/bt/hci.c b/hw/bt/hci.c
index d1c0604..7ea3dc6 100644
--- a/hw/bt/hci.c
+++ b/hw/bt/hci.c
@@ -429,6 +429,24 @@ static const uint8_t bt_event_reserved_mask[8] = {
     0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00,
 };
 
+
+static void null_hci_send(struct HCIInfo *hci, const uint8_t *data, int len)
+{
+}
+
+static int null_hci_addr_set(struct HCIInfo *hci, const uint8_t *bd_addr)
+{
+    return -ENOTSUP;
+}
+
+struct HCIInfo null_hci = {
+    .cmd_send = null_hci_send,
+    .sco_send = null_hci_send,
+    .acl_send = null_hci_send,
+    .bdaddr_set = null_hci_addr_set,
+};
+
+
 static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci,
                 int evt, int len)
 {
@@ -2176,6 +2194,36 @@ struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
     return &s->info;
 }
 
+struct HCIInfo *hci_init(const char *str)
+{
+    char *endp;
+    struct bt_scatternet_s *vlan = 0;
+
+    if (!strcmp(str, "null"))
+        /* null */
+        return &null_hci;
+    else if (!strncmp(str, "host", 4) && (str[4] == '\0' || str[4] == ':'))
+        /* host[:hciN] */
+        return bt_host_hci(str[4] ? str + 5 : "hci0");
+    else if (!strncmp(str, "hci", 3)) {
+        /* hci[,vlan=n] */
+        if (str[3]) {
+            if (!strncmp(str + 3, ",vlan=", 6)) {
+                vlan = qemu_find_bt_vlan(strtol(str + 9, &endp, 0));
+                if (*endp)
+                    vlan = 0;
+            }
+        } else
+            vlan = qemu_find_bt_vlan(0);
+        if (vlan)
+           return bt_new_hci(vlan);
+    }
+
+    fprintf(stderr, "qemu: Unknown bluetooth HCI `%s'.\n", str);
+
+    return 0;
+}
+
 static void bt_hci_done(struct HCIInfo *info)
 {
     struct bt_hci_s *hci = hci_from_info(info);
diff --git a/include/hw/bt.h b/include/hw/bt.h
index 3f365bc..cb2a7e6 100644
--- a/include/hw/bt.h
+++ b/include/hw/bt.h
@@ -108,12 +108,15 @@ struct bt_device_s {
     uint16_t clkoff;	/* Note: Always little-endian */
 };
 
+extern struct HCIInfo null_hci;
 /* bt.c */
 void bt_device_init(struct bt_device_s *dev, struct bt_scatternet_s *net);
 void bt_device_done(struct bt_device_s *dev);
+struct bt_scatternet_s *qemu_find_bt_vlan(int id);
 
 /* bt-hci.c */
 struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net);
+struct HCIInfo *hci_init(const char *str);
 
 /* bt-vhci.c */
 void bt_vhci_init(struct HCIInfo *info);
diff --git a/vl.c b/vl.c
index b4b119a..faefd9f 100644
--- a/vl.c
+++ b/vl.c
@@ -843,45 +843,6 @@ static int nb_hcis;
 static int cur_hci;
 static struct HCIInfo *hci_table[MAX_NICS];
 
-static struct bt_vlan_s {
-    struct bt_scatternet_s net;
-    int id;
-    struct bt_vlan_s *next;
-} *first_bt_vlan;
-
-/* find or alloc a new bluetooth "VLAN" */
-static struct bt_scatternet_s *qemu_find_bt_vlan(int id)
-{
-    struct bt_vlan_s **pvlan, *vlan;
-    for (vlan = first_bt_vlan; vlan != NULL; vlan = vlan->next) {
-        if (vlan->id == id)
-            return &vlan->net;
-    }
-    vlan = g_malloc0(sizeof(struct bt_vlan_s));
-    vlan->id = id;
-    pvlan = &first_bt_vlan;
-    while (*pvlan != NULL)
-        pvlan = &(*pvlan)->next;
-    *pvlan = vlan;
-    return &vlan->net;
-}
-
-static void null_hci_send(struct HCIInfo *hci, const uint8_t *data, int len)
-{
-}
-
-static int null_hci_addr_set(struct HCIInfo *hci, const uint8_t *bd_addr)
-{
-    return -ENOTSUP;
-}
-
-static struct HCIInfo null_hci = {
-    .cmd_send = null_hci_send,
-    .sco_send = null_hci_send,
-    .acl_send = null_hci_send,
-    .bdaddr_set = null_hci_addr_set,
-};
-
 struct HCIInfo *qemu_next_hci(void)
 {
     if (cur_hci == nb_hcis)
@@ -890,36 +851,6 @@ struct HCIInfo *qemu_next_hci(void)
     return hci_table[cur_hci++];
 }
 
-static struct HCIInfo *hci_init(const char *str)
-{
-    char *endp;
-    struct bt_scatternet_s *vlan = 0;
-
-    if (!strcmp(str, "null"))
-        /* null */
-        return &null_hci;
-    else if (!strncmp(str, "host", 4) && (str[4] == '\0' || str[4] == ':'))
-        /* host[:hciN] */
-        return bt_host_hci(str[4] ? str + 5 : "hci0");
-    else if (!strncmp(str, "hci", 3)) {
-        /* hci[,vlan=n] */
-        if (str[3]) {
-            if (!strncmp(str + 3, ",vlan=", 6)) {
-                vlan = qemu_find_bt_vlan(strtol(str + 9, &endp, 0));
-                if (*endp)
-                    vlan = 0;
-            }
-        } else
-            vlan = qemu_find_bt_vlan(0);
-        if (vlan)
-           return bt_new_hci(vlan);
-    }
-
-    fprintf(stderr, "qemu: Unknown bluetooth HCI `%s'.\n", str);
-
-    return 0;
-}
-
 static int bt_hci_parse(const char *str)
 {
     struct HCIInfo *hci;
-- 
1.8.3.1

[Qemu-devel] [PATCH 3/4] Remove dev-bluetooth.c dependency from vl.c

[Gerd Hoffmann]

From: Miroslav Rezanina <mrezanin@redhat.com>

Use usb_legacy_register handling to create bt-dongle device and remove code
dependency from vl.c so CONFIG_USB_BLUETOOTH can be disabled.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/Makefile.objs   |  3 ---
 hw/usb/dev-bluetooth.c | 10 +++++++++-
 include/hw/usb.h       |  3 ---
 vl.c                   | 13 ++++---------
 4 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs
index f9695e7..a3eac3e 100644
--- a/hw/usb/Makefile.objs
+++ b/hw/usb/Makefile.objs
@@ -18,9 +18,6 @@ common-obj-$(CONFIG_USB_STORAGE_UAS)  += dev-uas.o
 common-obj-$(CONFIG_USB_AUDIO)        += dev-audio.o
 common-obj-$(CONFIG_USB_SERIAL)       += dev-serial.o
 common-obj-$(CONFIG_USB_NETWORK)      += dev-network.o
-
-# FIXME: make configurable too
-CONFIG_USB_BLUETOOTH := y
 common-obj-$(CONFIG_USB_BLUETOOTH)    += dev-bluetooth.o
 
 ifeq ($(CONFIG_USB_SMARTCARD),y)
diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c
index f2fc2a8..7f292b1 100644
--- a/hw/usb/dev-bluetooth.c
+++ b/hw/usb/dev-bluetooth.c
@@ -511,10 +511,17 @@ static int usb_bt_initfn(USBDevice *dev)
     return 0;
 }
 
-USBDevice *usb_bt_init(USBBus *bus, HCIInfo *hci)
+static USBDevice *usb_bt_init(USBBus *bus, const char *cmdline)
 {
     USBDevice *dev;
     struct USBBtState *s;
+    HCIInfo *hci;
+
+    if (*cmdline) {
+        hci = hci_init(cmdline);
+    } else {
+        hci = bt_new_hci(qemu_find_bt_vlan(0));
+    }
 
     if (!hci)
         return NULL;
@@ -566,6 +573,7 @@ static const TypeInfo bt_info = {
 static void usb_bt_register_types(void)
 {
     type_register_static(&bt_info);
+    usb_legacy_register("usb-bt-dongle", "bt", usb_bt_init);
 }
 
 type_init(usb_bt_register_types)
diff --git a/include/hw/usb.h b/include/hw/usb.h
index 1b8acba..a7680d4 100644
--- a/include/hw/usb.h
+++ b/include/hw/usb.h
@@ -442,9 +442,6 @@ int set_usb_string(uint8_t *buf, const char *str);
 USBDevice *usb_host_device_open(USBBus *bus, const char *devname);
 void usb_host_info(Monitor *mon, const QDict *qdict);
 
-/* usb-bt.c */
-USBDevice *usb_bt_init(USBBus *bus, HCIInfo *hci);
-
 /* usb ports of the VM */
 
 #define VM_USB_HUB_SIZE 8
diff --git a/vl.c b/vl.c
index faefd9f..4e709d5 100644
--- a/vl.c
+++ b/vl.c
@@ -1457,8 +1457,10 @@ static void configure_msg(QemuOpts *opts)
 
 static int usb_device_add(const char *devname)
 {
-    const char *p;
     USBDevice *dev = NULL;
+#ifndef CONFIG_LINUX
+    const char *p;
+#endif
 
     if (!usb_enabled(false)) {
         return -1;
@@ -1474,15 +1476,8 @@ static int usb_device_add(const char *devname)
     /* only the linux version is qdev-ified, usb-bsd still needs this */
     if (strstart(devname, "host:", &p)) {
         dev = usb_host_device_open(usb_bus_find(-1), p);
-    } else
-#endif
-    if (!strcmp(devname, "bt") || strstart(devname, "bt:", &p)) {
-        dev = usb_bt_init(usb_bus_find(-1),
-                          devname[2] ? hci_init(p)
-                                     : bt_new_hci(qemu_find_bt_vlan(0)));
-    } else {
-        return -1;
     }
+#endif
     if (!dev)
         return -1;
 
-- 
1.8.3.1

[Qemu-devel] [PATCH 4/4] ehci: save device pointer in EHCIState

[Gerd Hoffmann]

We'll need a pointer to the actual pci/sysbus device,
stick a pointer to it into the EHCIState struct.

https://bugzilla.redhat.com/show_bug.cgi?id=1005495

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-ehci.c | 7 +++----
 hw/usb/hcd-ehci.h | 1 +
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 137e200..22bdbf4 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1241,13 +1241,11 @@ static int ehci_init_transfer(EHCIPacket *p)
 {
     uint32_t cpage, offset, bytes, plen;
     dma_addr_t page;
-    USBBus *bus = &p->queue->ehci->bus;
-    BusState *qbus = BUS(bus);
 
     cpage  = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
     bytes  = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
     offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
-    qemu_sglist_init(&p->sgl, qbus->parent, 5, p->queue->ehci->as);
+    qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as);
 
     while (bytes > 0) {
         if (cpage > 4) {
@@ -1486,7 +1484,7 @@ static int ehci_process_itd(EHCIState *ehci,
                 return -1;
             }
 
-            qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as);
+            qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
             if (off + len > 4096) {
                 /* transfer crosses page border */
                 uint32_t len2 = off + len - 4096;
@@ -2529,6 +2527,7 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
 
     s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_frame_timer, s);
     s->async_bh = qemu_bh_new(ehci_frame_timer, s);
+    s->device = dev;
 
     qemu_register_reset(ehci_reset, s);
     qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h
index 15a28e8..065c9fa 100644
--- a/hw/usb/hcd-ehci.h
+++ b/hw/usb/hcd-ehci.h
@@ -255,6 +255,7 @@ typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead;
 
 struct EHCIState {
     USBBus bus;
+    DeviceState *device;
     qemu_irq irq;
     MemoryRegion mem;
     AddressSpace *as;
-- 
1.8.3.1