From patchwork Thu Nov 15 08:20:39 2012
X-Patchwork-Submitter: Jan Kiszka
X-Patchwork-Id: 199219
Message-ID: <50A4A5D7.8030508@siemens.com>
Date: Thu, 15 Nov 2012 09:20:39 +0100
From: Jan Kiszka
To: Gerd Hoffmann
Cc: Hans de Goede, qemu-devel
Subject: [Qemu-devel] [PATCH] usb: uhci: Look up queue by address, not token

The queue token is insufficient to identify if a TD belongs to it. What we need is the QH address. This fixes the case where the guest issues multiple asynchronous requests for the same EP.

Signed-off-by: Jan Kiszka
---
I'm not 100% this still fulfills the aim of "Verify queue has not been changed by guest". On the other hand, the current code looks quite wrong to me after studying the spec for a while.

hw/usb/hcd-uhci.c | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c index f4b555a..1434a3a 100644 --- a/hw/usb/hcd-uhci.c +++ b/hw/usb/hcd-uhci.c @@ -227,13 +227,12 @@ static void uhci_queue_free(UHCIQueue *queue, const char *reason) g_free(queue); } -static UHCIQueue *uhci_queue_find(UHCIState *s, UHCI_TD *td) +static UHCIQueue *uhci_queue_find(UHCIState *s, uint32_t qh_addr) { - uint32_t token = uhci_queue_token(td); UHCIQueue *queue; QTAILQ_FOREACH(queue, &s->queues, next) { - if (queue->token == token) { + if (queue->qh_addr == qh_addr) { return queue; } } 
@@ -841,7 +840,7 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr, } if (q == NULL) { - q = uhci_queue_find(s, td); + q = uhci_queue_find(s, qh_addr); if (q && !uhci_queue_verify(q, qh_addr, td, td_addr, queuing)) { uhci_queue_free(q, "guest re-used qh"); q = NULL;
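Review bot: In uhci_queue_find, matching on `queue->qh_addr == qh_addr` alone means the lookup no longer looks at the TD at all, so a queue created for one endpoint is returned even when the guest has since linked TDs for a different endpoint under the same QH. The token is derived from the guest-supplied TD, and after this change the only place it can still be checked is the caller's uhci_queue_verify. A short comment above uhci_queue_find stating that callers must verify the returned queue against the TD would make that dependency explicit, and the commit message should say what role queue->token keeps after this change.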
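Review bot: In the uhci_handle_td hunk, `uhci_queue_verify(q, qh_addr, td, td_addr, queuing)` now receives the same qh_addr that was just used to find q, so any comparison of q->qh_addr against qh_addr inside it can no longer fail, and the "guest re-used qh" path depends entirely on whatever else verify checks. The body of uhci_queue_verify is not part of this patch; please confirm that it compares uhci_queue_token(td) with q->token, or add that comparison, so that a QH reused for a different endpoint still frees the stale queue instead of attaching the new TD to it. This is the open question raised in the note below the "---", and it should be settled before the change is merged.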