[Qemu-devel] Guest OS hangs on usb_add

[Timothy Jones <one.timothy.jones@gmail.com>]

With some digging around I found out that the qemu hangs in
usb_host_claim_interfaces, which is caused by screwed up usb
descriptor. The device reports the following:

(gdb) p dev->descr_len
$21 = 50
(gdb) p /x dev->descr[0]@50
$23 = {0x18, 0x1, 0x0, 0x1, 0xff, 0xff, 0xff, 0x8, 0x47, 0x46, 0x0,
0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x2, 0x20,
  0x0, 0x1, 0x1, 0x0, 0x80, 0x19, 0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff,
0xff, 0x0, 0x7, 0x5, 0x81, 0x2, 0x40, 0x0, 0x0,
  0x7, 0x5, 0x3, 0x2, 0x10, 0x0, 0x0}

The first 0x18 (Device Descriptor bLength) is supposed to be decimal
18, not hex! According to USB spec, if the device reports size greater
than expected, the host is supposed ignore the extra bytes. So qemu
behaves correctly here. However, with this length, the following
Configuration Descriptor length falls on a 0x0 and so the qemu spins
in an endless loop. (This is prolly something that should be detected
and reported as error by qemu.)

My question is: This 0x18 -- is this something that comes from the
device itself (ie, firmware bug)? Or does it come from the USB
subsystem?

I don't mind writing a small patch to make descriptor parsing a bit
more intelligent, but I am very unfamiliar with the code, so I might
botch things up. Or is the above data sufficient for one of the devs
to take a look at the code and improve it?

Thank you.

-TJ


---------- Forwarded message ----------
From: Timothy Jones <one.timothy.jones@gmail.com>
Date: Wed, Jun 23, 2010 at 2:21 PM
Subject: Guest OS hangs on usb_add
To: qemu-devel@nongnu.org


I am trying to attach universal remote control (URC MX-950) to Windows
XP guest as follows:

==============================
(qemu) info usbhost
  Device 1.1, speed 480 Mb/s
    Hub: USB device 1d6b:0002, EHCI Host Controller
  Device 2.1, speed 480 Mb/s
    Hub: USB device 1d6b:0002, EHCI Host Controller
  Device 1.2, speed 480 Mb/s
    Hub: USB device 8087:0020
  Device 2.2, speed 480 Mb/s
    Hub: USB device 8087:0020
  Device 1.3, speed 480 Mb/s
    Class ef: USB device 0c45:6416, Laptop_Integrated_Webcam_2M
  Device 2.5, speed 12 Mb/s
    Vendor Specific: USB device 4647:3000     <-------- MX-950 USB remote
  Device 2.4, speed 1.5 Mb/s
    Class 00: USB device 05ac:0304, Apple Optical USB Mouse

(qemu) usb_add host:4647:3000

usb_create: no bus specified, using "usb.0" for "usb-host"
husb: open device 2.5
==============================

The guest just freezes including the monitor and pegs one of the cores
on host OS at 100%.

I tried the same with 2 other devices on the above list (Apple Mouse
and Webcam) and both worked fine.

I am running: (qemu) info version
0.12.50 (qemu-kvm-devel)

Host: Linux studio 2.6.34-gentoo-r1 #2 SMP Tue Jun 22 23:21:18 EDT
2010 x86_64 Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz GenuineIntel
GNU/Linux

Guest: Windows XP Pro SP3

FWIW, I tried the above with and without kvm and kvm-intel modules loaded.

Anybody know what could be causing this?

Thank you.

-TJ