[Qemu-devel] [PULL 0/2] Usb 20180703 patches

[Qemu-devel] [PULL 0/2] Usb 20180703 patches

[Gerd Hoffmann]

The following changes since commit ab08440a4ee09032d1a9cb22fdcab23bc7e1c656:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20180702' into staging (2018-07-02 17:57:46 +0100)

are available in the git repository at:

  git://git.kraxel.org/qemu tags/usb-20180703-pull-request

for you to fetch changes up to 8f36ec708834dfad58af6feb0b69bb0be6077f0f:

  xhci: fix guest-triggerable assert (2018-07-03 09:50:39 +0200)

----------------------------------------------------------------
usb: bugfixes for ehci and xhci.

----------------------------------------------------------------

Gerd Hoffmann (1):
  xhci: fix guest-triggerable assert

Sebastian Bauer (1):
  ehci: Don't fetch a NULL current qtd but advance the queue instead.

 hw/usb/hcd-ehci.c | 3 ++-
 hw/usb/hcd-xhci.c | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

-- 
2.9.3

[Qemu-devel] [PULL 1/2] ehci: Don't fetch a NULL current qtd but advance the queue instead.

[Gerd Hoffmann]

From: Sebastian Bauer <mail@sebastianbauer.info>

Fetching qtd with the NULL address most likely makes no sense so from now
on, we handle it this case similarly as if the terminate (T) bit is not
set, which is already an exception as according to section 3.6 of the EHCI
spec there is no T bit defined for the current_qtd field.

The spec is a bit vague on how an EHCI driver should initialize these
fields: "The general operational model is that the host controller can
detect whether the overlay area contains a description of an active
transfer" (p. 49). QEMU primarily uses the QTD_TOKEN_ACTIVE bit of the
queue header to infer the activity state but there are other ways
conceivable.

This change allows QEMU to boot further into AmigaOS. The public available
version of the EHCI driver recycles queue heads in some rare conditions but
only clears the current_qtd field but not the status field. This works with
many available EHCI PCI cards but e.g., not with the Freescale USB
controller's found on the P5040. On the emulated EHCI controller of QEMU
the consequence is that some garbage was read in, which resulted in a
reset of the controller. This change fixes the problem.

Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20180625222718.4488-1-mail@sebastianbauer.info
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-ehci.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 0134232627..e5acfc5ba5 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1672,7 +1672,8 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
         ehci_set_state(ehci, async, EST_HORIZONTALQH);
 
     } else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
-               (NLPTR_TBIT(q->qh.current_qtd) == 0)) {
+               (NLPTR_TBIT(q->qh.current_qtd) == 0) &&
+               (q->qh.current_qtd != 0)) {
         q->qtdaddr = q->qh.current_qtd;
         ehci_set_state(ehci, async, EST_FETCHQTD);
 
-- 
2.9.3

[Qemu-devel] [PULL 2/2] xhci: fix guest-triggerable assert

[Gerd Hoffmann]

Set xhci into error state instead of throwing a core dump.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20180702162752.29233-1-kraxel@redhat.com
---
 hw/usb/hcd-xhci.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 721beb5486..8f1a01a405 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1954,7 +1954,12 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
         for (i = 0; i < length; i++) {
             TRBType type;
             type = xhci_ring_fetch(xhci, ring, &xfer->trbs[i], NULL);
-            assert(type);
+            if (!type) {
+                xhci_die(xhci);
+                xhci_ep_free_xfer(xfer);
+                epctx->kick_active--;
+                return;
+            }
         }
         xfer->streamid = streamid;
 
-- 
2.9.3

Re: [Qemu-devel] [PULL 0/2] Usb 20180703 patches

[Peter Maydell]

On 3 July 2018 at 09:28, Gerd Hoffmann <kraxel@redhat.com> wrote:
> The following changes since commit ab08440a4ee09032d1a9cb22fdcab23bc7e1c656:
>
>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20180702' into staging (2018-07-02 17:57:46 +0100)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/usb-20180703-pull-request
>
> for you to fetch changes up to 8f36ec708834dfad58af6feb0b69bb0be6077f0f:
>
>   xhci: fix guest-triggerable assert (2018-07-03 09:50:39 +0200)
>
> ----------------------------------------------------------------
> usb: bugfixes for ehci and xhci.
>
> ----------------------------------------------------------------
>
> Gerd Hoffmann (1):
>   xhci: fix guest-triggerable assert
>
> Sebastian Bauer (1):
>   ehci: Don't fetch a NULL current qtd but advance the queue instead.
>
>  hw/usb/hcd-ehci.c | 3 ++-
>  hw/usb/hcd-xhci.c | 7 ++++++-
>  2 files changed, 8 insertions(+), 2 deletions(-)

Applied, thanks.

-- PMM