From patchwork Fri Oct 26 15:41:39 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sebastian Bauer X-Patchwork-Id: 194521 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 62FEF2C0095 for ; Sat, 27 Oct 2012 02:42:07 +1100 (EST) Received: from localhost ([::1]:36985 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TRm2v-0004Gc-Ke for incoming@patchwork.ozlabs.org; Fri, 26 Oct 2012 11:42:05 -0400 Received: from eggs.gnu.org ([208.118.235.92]:55804) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TRm2o-0004Fr-Kf for qemu-devel@nongnu.org; Fri, 26 Oct 2012 11:41:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TRm2g-0008If-QF for qemu-devel@nongnu.org; Fri, 26 Oct 2012 11:41:58 -0400 Received: from relay2.mail.vrmd.de ([81.28.224.28]:40592) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TRm2g-0008IY-Jt for qemu-devel@nongnu.org; Fri, 26 Oct 2012 11:41:50 -0400 Received: from [77.186.105.229] (helo=stan.fritz.box) by relay2.mail.vrmd.de with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1TRm2e-0004nC-Ia; Fri, 26 Oct 2012 17:41:48 +0200 From: Sebastian Bauer To: qemu-devel@nongnu.org Date: Fri, 26 Oct 2012 17:41:39 +0200 Message-Id: <1351266099-5301-1-git-send-email-mail@sebastianbauer.info> X-Mailer: git-send-email 1.7.10.4 X-Relay-User: mail@sebastianbauer.info X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 81.28.224.28 Cc: Sebastian Bauer Subject: [Qemu-devel] [PATCH v2] xhci: check speed field of the input context of a set address command. X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org If the supplied speed data doesn't match the device speed, return CC_PARAMETER_ERROR. See 6.2.2.1 of the xhci spec. Signed-off-by: Sebastian Bauer --- Changes v1->v2: Added description to the patch hw/usb/hcd-xhci.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 37b3dbb..32a3681 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -1822,6 +1822,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid, uint32_t ictl_ctx[2]; uint32_t slot_ctx[4]; uint32_t ep0_ctx[5]; + uint32_t speed; int i; TRBCCode res; @@ -1865,6 +1866,15 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid, return CC_USB_TRANSACTION_ERROR; } + /* Check for validness of the input contexts, see 6.2.2.1 */ + speed = (slot_ctx[0] >> 20) & 0xf; + if (speed != uport->dev->speed + 1) + { + fprintf(stderr,"xhci: invalid device speed in slot context for slot %u (expected %d, got %d).\n", + slotid, uport->dev->speed+1, speed); + return CC_PARAMETER_ERROR; + } + for (i = 0; i < MAXSLOTS; i++) { if (xhci->slots[i].uport == uport) { fprintf(stderr, "xhci: port %s already assigned to slot %d\n",