Patchwork [Bug,1209180,NEW] hw/usb/core.c:415: usb_handle_packet: Assertion `p->ep->type != 3 || (dev->flags & (1 << USB_DEV_FLAG_IS_HOST))' failed

Submitter Lekensteyn
Date Aug. 7, 2013, 11:09 a.m.
Message ID <20130807110901.6617.23985.malonedeb@soybean.canonical.com>
Permalink /patch/265519/
State New

Comments

Lekensteyn - Aug. 7, 2013, 11:09 a.m.
Public bug reported:

After the patch at
http://lists.nongnu.org/archive/html/qemu-devel/2013-05/msg01567.html,
I cannot get my Logitech Unifying USB receiver passed to the guest anymore.

Minimal reproduction command:

    qemu-system-x86_64 -usbdevice host:046d:c52b

Debug patch:


yields:

type=0 1 1 0x5555565de4c0 0x5555565de4c0
type=0 1 1 0x5555565de4c0 0x5555565de4c0
type=0 1 1 0x5555565de4c0 0x5555565de4c0
type=0 1 1 0x5555565de4c0 0x5555565de4c0
type=0 1 1 0x5555565de4c0 0x5555565de4c0
type=3 1 1 0x5555565de4c0 0x5555565de4c0
qemu-system-x86_64: hw/usb/core.c:415: usb_handle_packet: Assertion `p->ep->type != 3 || (dev->flags & (1 << USB_DEV_FLAG_IS_HOST))' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff10c61c9 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff10c61c9 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff10c75c8 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff10bf356 in __assert_fail_base () from /usr/lib/libc.so.6
#3  0x00007ffff10bf402 in __assert_fail () from /usr/lib/libc.so.6
#4  0x00005555556e4b38 in usb_handle_packet (dev=<optimized out>, p=p@entry=0x5555565da610) at hw/usb/core.c:414
#5  0x00005555556f93ef in uhci_handle_td (s=s@entry=0x5555565ce5d0, q=0x5555566a9dc0, q@entry=0x0, qh_addr=qh_addr@entry=980834, td=td@entry=0x7fffffffdd30, td_addr=<optimized out>, int_mask=int_mask@entry=0x7fffffffdd1c)
    at hw/usb/hcd-uhci.c:904
#6  0x00005555556f9949 in uhci_process_frame (s=s@entry=0x5555565ce5d0) at hw/usb/hcd-uhci.c:1084
#7  0x00005555556f9c35 in uhci_frame_timer (opaque=0x5555565ce5d0) at hw/usb/hcd-uhci.c:1183
#8  0x000055555573e086 in qemu_run_timers (clock=0x55555654e200) at qemu-timer.c:394
#9  0x000055555573e325 in qemu_run_timers (clock=<optimized out>) at qemu-timer.c:459
#10 qemu_run_all_timers () at qemu-timer.c:452
#11 0x0000555555711bee in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:470
#12 0x00005555555e0161 in main_loop () at vl.c:2029
#13 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4419

Looking around, I see that host-bsd.c and host-linux.c both set
USB_DEV_FLAG_IS_HOST, but host-libusbx.c doesn't do that.

Affected QEMU versions: 1.5.1, 1.5.2
Not affected: 1.5.0
libusb version: 1.0.16

** Affects: qemu
     Importance: Undecided
         Status: New
Lekensteyn - Aug. 7, 2013, 2:26 p.m.
Your observation is correct, but this is already fixed upstream:

commit 628e54857a82a3cb65ef96c12640c30d6307a064
Author: Gerd Hoffmann <kraxel@redhat.com>
Date:   Wed Jun 12 13:17:02 2013 +0200

    usb-host-libusb: set USB_DEV_FLAG_IS_HOST

** Changed in: qemu
       Status: New => Fix Committed
Lekensteyn - Aug. 8, 2013, 1:59 p.m.
Thanks, this works as expected. Can this get backported to 1.5.x?
Lekensteyn - Aug. 25, 2013, 9:59 a.m.
** Changed in: qemu
       Status: Fix Committed => Fix Released

Patch

diff --git a/hw/usb/core.c b/hw/usb/core.c
index 05948ca..20753cc 100644
--- a/hw/usb/core.c
+++ b/hw/usb/core.c
@@ -409,6 +409,8 @@  void usb_handle_packet(USBDevice *dev, USBPacket *p)
             /* hcd drivers cannot handle async for isoc */
             assert(p->ep->type != USB_ENDPOINT_XFER_ISOC);
             /* using async for interrupt packets breaks migration */
+	    printf("type=%x %x %x %p %p\n", p->ep->type,
+	    	dev->flags, p->ep->dev->flags, dev, p->ep->dev);
             assert(p->ep->type != USB_ENDPOINT_XFER_INT ||
                    (dev->flags & (1 << USB_DEV_FLAG_IS_HOST)));
             usb_packet_set_state(p, USB_PACKET_ASYNC);
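
Review bot: the added printf, in the two + lines just ahead of the USB_ENDPOINT_XFER_INT assert, writes to stdout, and the assert that follows ends in abort(), which is not guaranteed to flush stdio buffers. When the output is redirected to a file or pipe, the final `type=3` line can be lost, so the evidence for the failing packet disappears. Using `fprintf(stderr, ...)` keeps the line unbuffered and in order with the assertion message. The line also prints dev->flags as raw hex, which leaves the reader to work out the bit position of USB_DEV_FLAG_IS_HOST; printing `!!(dev->flags & (1 << USB_DEV_FLAG_IS_HOST))` next to it would show the asserted condition directly. Minor: the + lines are indented with tabs while the surrounding context uses spaces, and the two `%p` arguments should be cast to `(void *)`.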