@@ -1822,6 +1822,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
uint32_t ictl_ctx[2];
uint32_t slot_ctx[4];
uint32_t ep0_ctx[5];
+ uint32_t speed;
int i;
TRBCCode res;
@@ -1865,6 +1866,15 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
return CC_USB_TRANSACTION_ERROR;
}
+ /* Check for validness of the input contexts, see 6.2.2.1 */
+ speed = (slot_ctx[0] >> 20) & 0xf;
+ if (speed != uport->dev->speed + 1)
+ {
+ fprintf(stderr,"xhci: invalid device speed in slot context for slot %u (expected %d, got %d).\n",
+ slotid, uport->dev->speed+1, speed);
+ return CC_PARAMETER_ERROR;
+ }
+
for (i = 0; i < MAXSLOTS; i++) {
if (xhci->slots[i].uport == uport) {
fprintf(stderr, "xhci: port %s already assigned to slot %d\n",
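Review bot: The comparison `speed != uport->dev->speed + 1` assumes the slot context Speed field is QEMU's device speed enum plus one, which looks wrong for low- and full-speed devices. The xHCI default speed IDs are 1 = full, 2 = low, 3 = high, 4 = SuperSpeed, while the USB_SPEED_* enum (not visible in this hunk, so please confirm) orders low before full, so a correct guest would get CC_PARAMETER_ERROR for those devices. An explicit mapping as sketched below avoids that; it needs a `uint32_t expected;` local beside `speed`. Separately, the new fprintf can be triggered by the guest on every rejected request and prints the uint32_t `speed` with `%d`; a trace point or rate-limited message using `%u` would be safer, and the opening brace of the new `if` should sit on the same line, as in the loop below it. The body of xhci_address_slot starts and ends outside this hunk.

```c
    /* Slot context Speed holds an xHCI speed ID, not USB_SPEED_* + 1 */
    switch (uport->dev->speed) {
    case USB_SPEED_FULL:
        expected = 1;
        break;
    case USB_SPEED_LOW:
        expected = 2;
        break;
    case USB_SPEED_HIGH:
        expected = 3;
        break;
    case USB_SPEED_SUPER:
        expected = 4;
        break;
    default:
        return CC_PARAMETER_ERROR;
    }
    speed = (slot_ctx[0] >> 20) & 0xf;
    if (speed != expected) {
        /* … unchanged: diagnostic and return CC_PARAMETER_ERROR … */
    }
```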
If the supplied speed data doesn't match the device speed, return CC_PARAMETER_ERROR. See 6.2.2.1 of the xhci spec. Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info> --- Changes v1->v2: Added description to the patch hw/usb/hcd-xhci.c | 10 ++++++++++ 1 file changed, 10 insertions(+)