From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36986) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VilUV-0006UP-H8 for qemu-devel@nongnu.org; Tue, 19 Nov 2013 08:37:25 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VilUP-0008Ch-Hp for qemu-devel@nongnu.org; Tue, 19 Nov 2013 08:37:19 -0500 Received: from mx1.redhat.com ([209.132.183.28]:10933) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VilUP-0008CX-91 for qemu-devel@nongnu.org; Tue, 19 Nov 2013 08:37:13 -0500 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rAJDbC7I018111 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 19 Nov 2013 08:37:12 -0500 From: Hans de Goede Date: Tue, 19 Nov 2013 14:36:59 +0100 Message-Id: <1384868224-15389-5-git-send-email-hdegoede@redhat.com> In-Reply-To: <1384868224-15389-1-git-send-email-hdegoede@redhat.com> References: <1384868224-15389-1-git-send-email-hdegoede@redhat.com> Subject: [Qemu-devel] [PATCH 4/9] xhci: Add a few missing checks for disconnected devices List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Gerd Hoffmann Cc: Hans de Goede , qemu-devel@nongnu.org One of the reworks of qemu's usb core made changes to usb-port's disconnect handling. Now ports with a device will always have a non 0 dev member, but if the device is not attached (which is possible with usb redirection), dev->attached will be 0. So supplement all checks for dev to also check dev->attached, and add an extra check in a path where a device check was completely missing. This fixes various crashes (asserts triggering) I've been seeing when xhci attached usb devices get disconnected at the wrong time. Signed-off-by: Hans de Goede --- hw/usb/hcd-xhci.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 9368348..bafe085 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -1600,7 +1600,8 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid, } if (!xhci->slots[slotid-1].uport || - !xhci->slots[slotid-1].uport->dev) { + !xhci->slots[slotid-1].uport->dev || + !xhci->slots[slotid-1].uport->dev->attached) { return CC_USB_TRANSACTION_ERROR; } @@ -2087,6 +2088,14 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, return; } + /* If the device has been detached, but the guest has not noticed this + yet the 2 above checks will succeed, but we must NOT continue */ + if (!xhci->slots[slotid - 1].uport || + !xhci->slots[slotid - 1].uport->dev || + !xhci->slots[slotid - 1].uport->dev->attached) { + return; + } + if (epctx->retry) { XHCITransfer *xfer = epctx->retry; @@ -2311,7 +2320,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid, trace_usb_xhci_slot_address(slotid, uport->path); dev = uport->dev; - if (!dev) { + if (!dev || !dev->attached) { fprintf(stderr, "xhci: port %s not connected\n", uport->path); return CC_USB_TRANSACTION_ERROR; } -- 1.8.4.2