From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45787) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VIyOu-0007cS-UQ for qemu-devel@nongnu.org; Mon, 09 Sep 2013 06:09:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VIyOm-0004Rp-HG for qemu-devel@nongnu.org; Mon, 09 Sep 2013 06:08:56 -0400 Sender: Paolo Bonzini Message-ID: <522D9E34.7030408@redhat.com> Date: Mon, 09 Sep 2013 12:08:52 +0200 From: Paolo Bonzini MIME-Version: 1.0 References: <1378714842-20500-1-git-send-email-hdegoede@redhat.com> In-Reply-To: <1378714842-20500-1-git-send-email-hdegoede@redhat.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] ehci: Fix crash with isoc usb packets List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Hans de Goede Cc: qemu-stable@nongnu.org, Gerd Hoffmann , qemu-devel@nongnu.org Il 09/09/2013 10:20, Hans de Goede ha scritto: > The isoc packet path in the ehci code has a bad qobject cast, causing an > abort, this patch fixes this. > > Note this problem is backported in 1.6.0 too, and this patch should be > backported to the 1.6.0 stable tree. > > Signed-off-by: Hans de Goede > --- > hw/usb/hcd-ehci.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c > index 010a0d0..77c4872 100644 > --- a/hw/usb/hcd-ehci.c > +++ b/hw/usb/hcd-ehci.c > @@ -1486,7 +1486,8 @@ static int ehci_process_itd(EHCIState *ehci, > return -1; > } > > - qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as); > + qemu_sglist_init(&ehci->isgl, BUS(&ehci->bus)->parent, > + 2, ehci->as); > if (off + len > 4096) { > /* transfer crosses page border */ > uint32_t len2 = off + len - 4096; > ... then qemu-stable should be CCed. Paolo
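Review bot: The new qemu_sglist_init() argument in ehci_process_itd(), BUS(&ehci->bus)->parent, reaches the owning device through the USB bus with nothing in the code saying why DEVICE(ehci) cannot be used there, so a later cleanup could reintroduce the aborting cast. A short comment above the call, or a small helper that returns the owning device for an EHCIState, would record that, and the commit message could say why the cast on ehci fails rather than only that it is bad. It would also be worth checking the rest of hw/usb/hcd-ehci.c for any other DEVICE(ehci) cast on an EHCIState pointer, since this hunk only touches the isoc path.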