From patchwork Wed Nov 14 16:21:41 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [06/10] ehci: Verify guest does not change the token of inflight qtd-s
Date: Wed, 14 Nov 2012 06:21:41 -0000
From: Hans de Goede
X-Patchwork-Id: 198961
Message-Id: <1352910105-10272-7-git-send-email-hdegoede@redhat.com>
To: Gerd Hoffmann
Cc: Hans de Goede , qemu-devel@nongnu.org
This is not allowed, except for clearing active on cancellation, so don't warn when the new token does not have its active bit set. This unifies the cancellation path for modified qtd-s, and prepares ehci_verify_qtd to be used ad an extra check inside ehci_writeback_async_complete_packet().
Signed-off-by: Hans de Goede
---
 hw/usb/hcd-ehci.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index a694346..e565d6a 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -457,6 +457,7 @@ static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
 if (p->qtdaddr != p->queue->qtdaddr ||
 (!NLPTR_TBIT(p->qtd.next) && (p->qtd.next != qtd->next)) ||
 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
+ p->qtd.token != qtd->token ||
 p->qtd.bufptr[0] != qtd->bufptr[0]) {
 return false;
 } else {
@@ -1748,7 +1749,9 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
 if (p != NULL) {
 if (!ehci_verify_qtd(p, &qtd)) {
 ehci_cancel_queue(q);
- ehci_trace_guest_bug(q->ehci, "guest updated active QH or qTD");
+ if (qtd.token & QTD_TOKEN_ACTIVE) {
+ ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
+ }
 p = NULL;
 } else {
 p->qtd = qtd;
@@ -1757,11 +1760,6 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
 }

 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
- if (p != NULL) {
- /* transfer canceled by guest (clear active) */
- ehci_cancel_queue(q);
- p = NULL;
- }
 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
 } else if (p != NULL) {
 switch (p->async) {
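Review bot: ehci_verify_qtd now compares the token in full but still compares only `bufptr[0]`, so the remaining buffer-pointer entries of an in-flight qTD can differ from the cached copy without the check failing. The caller in ehci_state_fetchqtd then does `p->qtd = qtd;` on success, which copies those guest-written values into the cached descriptor. Whether that matters depends on how the cached buffer pointers are used after the transfer is set up, which is not visible here. If no field of an in-flight qTD may change, comparing the whole array would close the gap, e.g. `memcmp(p->qtd.bufptr, qtd->bufptr, sizeof(p->qtd.bufptr)) != 0 ||`; otherwise a short comment should say why only the first entry needs checking. The function starts before and ends after this hunk.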
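Review bot: The trace is now skipped whenever the fetched token has Active clear, not only when clearing Active is the sole difference. A guest that rewrites other fields of an in-flight qTD and clears Active in the same update is therefore cancelled with no `ehci_trace_guest_bug` record. The following hunk also deletes the only comment explaining that clearing Active is the legal cancellation path, so the new branch should carry one, e.g. `/* guest clearing active is a legal cancel; any other change is a guest bug */` above `if (qtd.token & QTD_TOKEN_ACTIVE)`. The new message drops "QH" although ehci_verify_qtd still fails on a `p->qtdaddr != p->queue->qtdaddr` mismatch. ehci_state_fetchqtd starts before and continues after this hunk.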