[Qemu-devel] [PULL 0/3] usb patch queue

[Qemu-devel] [PULL 0/3] usb patch queue

[Gerd Hoffmann]

  Hi,

Three fixes accumulated during the freeze.

please pull,
  Gerd

The following changes since commit 860a3b34854d8abe9af9f1eb584691de926ce897:

  Update version for v2.6.0-rc5 release (2016-05-09 14:08:12 +0100)

are available in the git repository at:

  git://git.kraxel.org/qemu tags/pull-usb-20160511-1

for you to fetch changes up to a277c3e094d5e9f653ccc861f59e07c94c7fe6c7:

  usb: Support compilation without poll.h (2016-05-11 10:37:39 +0200)

----------------------------------------------------------------
usb: misc fixes

----------------------------------------------------------------
Isaac Lozano (1):
      usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't complain

Roman Kagan (1):
      usb:xhci: no DMA on HC reset

Stefan Weil (1):
      usb: Support compilation without poll.h

 hw/usb/dev-mtp.c     |  4 ++--
 hw/usb/hcd-xhci.c    |  5 ++++-
 hw/usb/host-libusb.c | 13 ++++++++++++-
 3 files changed, 18 insertions(+), 4 deletions(-)

[Qemu-devel] [PULL 1/3] usb:xhci: no DMA on HC reset

[Gerd Hoffmann]

From: Roman Kagan <rkagan@virtuozzo.com>

This patch is a rough fix to a memory corruption we are observing when
running VMs with xhci USB controller and OVMF firmware.

Specifically, on the following call chain

xhci_reset
  xhci_disable_slot
    xhci_disable_ep
      xhci_set_ep_state

QEMU overwrites guest memory using stale guest addresses.

This doesn't happen when the guest (firmware) driver sets up xhci for
the first time as there are no slots configured yet.  However when the
firmware hands over the control to the OS some slots and endpoints are
already set up with their context in the guest RAM.  Now the OS' driver
resets the controller again and xhci_set_ep_state then reads and writes
that memory which is now owned by the OS.

As a quick fix, skip calling xhci_set_ep_state in xhci_disable_ep if the
device context base address array pointer is zero (indicating we're in
the HC reset and no DMA is possible).

Cc: qemu-stable@nongnu.org
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-id: 1462384435-1034-1-git-send-email-rkagan@virtuozzo.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-xhci.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index bcde8a2..43ba615 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1531,7 +1531,10 @@ static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid,
         usb_packet_cleanup(&epctx->transfers[i].packet);
     }
 
-    xhci_set_ep_state(xhci, epctx, NULL, EP_DISABLED);
+    /* only touch guest RAM if we're not resetting the HC */
+    if (xhci->dcbaap_low || xhci->dcbaap_high) {
+        xhci_set_ep_state(xhci, epctx, NULL, EP_DISABLED);
+    }
 
     timer_free(epctx->kick_timer);
     g_free(epctx);
-- 
1.8.3.1

[Qemu-devel] [PULL 2/3] usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't complain

[Gerd Hoffmann]

From: Isaac Lozano <109lozanoi@gmail.com>

If an application uses libmtp on the guest system,
it will complain with the warning message:
LIBMTP WARNING: VendorExtensionID: ffffffff
LIBMTP WARNING: VendorExtensionDesc: (null)
LIBMTP WARNING: this typically means the device is PTP (i.e. a camera) but
not a MTP device at all. Trying to continue anyway.

This is because libmtp expects a MTP Vendor Extension ID of 0x00000006 and a
MTP Version of 0x0064. These numbers are taken from Microsoft's MTP Vendor
Extension Identification Message page and are what most physical devices
show.

Signed-off-by: Isaac Lozano <109lozanoi@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1460892593-5908-1-git-send-email-109lozanoi@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/dev-mtp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index bda84a6..1be85ae 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -788,8 +788,8 @@ static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c)
     trace_usb_mtp_op_get_device_info(s->dev.addr);
 
     usb_mtp_add_u16(d, 100);
-    usb_mtp_add_u32(d, 0xffffffff);
-    usb_mtp_add_u16(d, 0x0101);
+    usb_mtp_add_u32(d, 0x00000006);
+    usb_mtp_add_u16(d, 0x0064);
     usb_mtp_add_wstr(d, L"");
     usb_mtp_add_u16(d, 0x0000);
 
-- 
1.8.3.1

[Qemu-devel] [PULL 3/3] usb: Support compilation without poll.h

[Gerd Hoffmann]

From: Stefan Weil <sw@weilnetz.de>

This is a hack to support compilation with Mingw-w64 which provides
a libusb-1.0 package, but no poll.h.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1458630800-10088-1-git-send-email-sw@weilnetz.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/host-libusb.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c
index 6458a94..8b774f4 100644
--- a/hw/usb/host-libusb.c
+++ b/hw/usb/host-libusb.c
@@ -34,7 +34,9 @@
  */
 
 #include "qemu/osdep.h"
+#ifndef CONFIG_WIN32
 #include <poll.h>
+#endif
 #include <libusb.h>
 
 #include "qapi/error.h"
@@ -204,6 +206,8 @@ static const char *err_names[] = {
 static libusb_context *ctx;
 static uint32_t loglevel;
 
+#ifndef CONFIG_WIN32
+
 static void usb_host_handle_fd(void *opaque)
 {
     struct timeval tv = { 0, 0 };
@@ -223,9 +227,13 @@ static void usb_host_del_fd(int fd, void *user_data)
     qemu_set_fd_handler(fd, NULL, NULL, NULL);
 }
 
+#endif /* !CONFIG_WIN32 */
+
 static int usb_host_init(void)
 {
+#ifndef CONFIG_WIN32
     const struct libusb_pollfd **poll;
+#endif
     int i, rc;
 
     if (ctx) {
@@ -236,7 +244,9 @@ static int usb_host_init(void)
         return -1;
     }
     libusb_set_debug(ctx, loglevel);
-
+#ifdef CONFIG_WIN32
+    /* FIXME: add support for Windows. */
+#else
     libusb_set_pollfd_notifiers(ctx, usb_host_add_fd,
                                 usb_host_del_fd,
                                 ctx);
@@ -247,6 +257,7 @@ static int usb_host_init(void)
         }
     }
     free(poll);
+#endif
     return 0;
 }
 
-- 
1.8.3.1

Re: [Qemu-devel] [PULL 0/3] usb patch queue

[Peter Maydell]

On 11 May 2016 at 12:19, Gerd Hoffmann <kraxel@redhat.com> wrote:
>   Hi,
>
> Three fixes accumulated during the freeze.
>
> please pull,
>   Gerd
>
> The following changes since commit 860a3b34854d8abe9af9f1eb584691de926ce897:
>
>   Update version for v2.6.0-rc5 release (2016-05-09 14:08:12 +0100)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/pull-usb-20160511-1
>
> for you to fetch changes up to a277c3e094d5e9f653ccc861f59e07c94c7fe6c7:
>
>   usb: Support compilation without poll.h (2016-05-11 10:37:39 +0200)
>
> ----------------------------------------------------------------
> usb: misc fixes
>
> ----------------------------------------------------------------
> Isaac Lozano (1):
>       usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't complain
>
> Roman Kagan (1):
>       usb:xhci: no DMA on HC reset
>
> Stefan Weil (1):
>       usb: Support compilation without poll.h

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/3] usb patch queue

[Gerd Hoffmann]

  Hi,

usb patch queue, with cleanups and a ohci fix.

please pull,
  Gerd

The following changes since commit 796b288f7be875045670f963ce99991b3c8e96ac:

  Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging (2017-02-21 15:48:22 +0000)

are available in the git repository at:


  git://git.kraxel.org/qemu tags/pull-usb-20170223-1

for you to fetch changes up to 4f72b8d2a6f5777fa1af2cf5184843e4cb06f182:

  xhci: properties cleanup (2017-02-23 16:18:03 +0100)

----------------------------------------------------------------
usb: ohci bugfix, switch core to unrealize, xhci property cleanup

----------------------------------------------------------------
Gerd Hoffmann (1):
      xhci: properties cleanup

Li Qiang (1):
      usb: ohci: fix error return code in servicing td

Marc-André Lureau (1):
      usb: replace handle_destroy with unrealize

 hw/usb/bus.c                  |  9 +++++----
 hw/usb/dev-audio.c            |  4 ++--
 hw/usb/dev-bluetooth.c        |  4 ++--
 hw/usb/dev-hid.c              |  4 ++--
 hw/usb/dev-hub.c              |  4 ++--
 hw/usb/dev-network.c          |  4 ++--
 hw/usb/dev-smartcard-reader.c |  4 ++--
 hw/usb/dev-uas.c              |  4 ++--
 hw/usb/dev-wacom.c            |  4 ++--
 hw/usb/hcd-ohci.c             |  2 +-
 hw/usb/hcd-xhci.c             | 29 ++++++++++++++++++++++++++---
 hw/usb/host-libusb.c          |  4 ++--
 hw/usb/redirect.c             |  4 ++--
 include/hw/usb.h              |  5 -----
 14 files changed, 52 insertions(+), 33 deletions(-)

Re: [Qemu-devel] [PULL 0/3] usb patch queue

[Peter Maydell]

On 23 February 2017 at 15:40, Gerd Hoffmann <kraxel@redhat.com> wrote:
>   Hi,
>
> usb patch queue, with cleanups and a ohci fix.
>
> please pull,
>   Gerd
>
> The following changes since commit 796b288f7be875045670f963ce99991b3c8e96ac:
>
>   Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging (2017-02-21 15:48:22 +0000)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-usb-20170223-1
>
> for you to fetch changes up to 4f72b8d2a6f5777fa1af2cf5184843e4cb06f182:
>
>   xhci: properties cleanup (2017-02-23 16:18:03 +0100)
>
> ----------------------------------------------------------------
> usb: ohci bugfix, switch core to unrealize, xhci property cleanup
>
> ----------------------------------------------------------------
> Gerd Hoffmann (1):
>       xhci: properties cleanup
>
> Li Qiang (1):
>       usb: ohci: fix error return code in servicing td
>
> Marc-André Lureau (1):
>       usb: replace handle_destroy with unrealize

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/3] usb patch queue

[Gerd Hoffmann]

  Hi,

Here is the usb patch queue with some small tweaks.

please pull,
  Gerd

The following changes since commit 26c7be842637ee65a79cd77f96a99c23ddcd90ad:

  Merge remote-tracking branch 'remotes/sstabellini/tags/2015-10-19-tag' into staging (2015-10-19 12:13:27 +0100)

are available in the git repository at:


  git://git.kraxel.org/qemu tags/pull-usb-20151020-1

for you to fetch changes up to 37bc43f7fbfb38003550b327002e59d21b80a3e4:

  usb-audio: increate default buffer size (2015-10-20 09:15:23 +0200)

----------------------------------------------------------------
usb: misc small tweaks.

----------------------------------------------------------------
Gerd Hoffmann (3):
      usb-host: add wakeup call for iso xfers
      usb: print device id in "info usb" monitor command
      usb-audio: increate default buffer size

 hw/usb/bus.c         | 9 ++++++---
 hw/usb/dev-audio.c   | 2 +-
 hw/usb/host-libusb.c | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)

Re: [Qemu-devel] [PULL 0/3] usb patch queue

[Peter Maydell]

On 20 October 2015 at 08:25, Gerd Hoffmann <kraxel@redhat.com> wrote:
>   Hi,
>
> Here is the usb patch queue with some small tweaks.
>
> please pull,
>   Gerd
>
> The following changes since commit 26c7be842637ee65a79cd77f96a99c23ddcd90ad:
>
>   Merge remote-tracking branch 'remotes/sstabellini/tags/2015-10-19-tag' into staging (2015-10-19 12:13:27 +0100)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-usb-20151020-1
>
> for you to fetch changes up to 37bc43f7fbfb38003550b327002e59d21b80a3e4:
>
>   usb-audio: increate default buffer size (2015-10-20 09:15:23 +0200)
>
> ----------------------------------------------------------------
> usb: misc small tweaks.

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 0/3] usb patch queue

[Gerd Hoffmann]

  Hi,

Pretty small this time with just a few bugfixes.

please pull,
  Gerd

The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:

  ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)

are available in the git repository at:
  git://git.kraxel.org/qemu usb.67

Hans de Goede (3):
      usb-redir: Change usbredir_open_chardev into usbredir_create_parser
      usb-redir: Don't make migration fail in none seamless case
      uhci: Raise interrupt when requested even for non active tds

 hw/usb/hcd-uhci.c |   10 +++++++++-
 hw/usb/redirect.c |   24 ++++++++++++++----------
 2 files changed, 23 insertions(+), 11 deletions(-)

Re: [Qemu-devel] [PULL 0/3] usb patch queue

[Anthony Liguori]

Gerd Hoffmann <kraxel@redhat.com> writes:

>   Hi,
>
> Pretty small this time with just a few bugfixes.
>
> please pull,
>   Gerd
>

Pulled. Thanks.

Regards,

Anthony Liguori

> The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:
>
>   ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)
>
> are available in the git repository at:
>   git://git.kraxel.org/qemu usb.67
>
> Hans de Goede (3):
>       usb-redir: Change usbredir_open_chardev into usbredir_create_parser
>       usb-redir: Don't make migration fail in none seamless case
>       uhci: Raise interrupt when requested even for non active tds
>
>  hw/usb/hcd-uhci.c |   10 +++++++++-
>  hw/usb/redirect.c |   24 ++++++++++++++----------
>  2 files changed, 23 insertions(+), 11 deletions(-)