| Message ID | 1455537697-9020-1-git-send-email-arei.gonglei@huawei.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/hw/usb/core.c b/hw/usb/core.c index bea5e1e..6fbcf00 100644 --- a/hw/usb/core.c +++ b/hw/usb/core.c @@ -716,7 +716,6 @@ struct USBEndpoint *usb_ep_get(USBDevice *dev, int pid, int ep) if (ep == 0) { return &dev->ep_ctl; } - assert(pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT); assert(ep > 0 && ep <= USB_MAX_ENDPOINTS); return eps + ep - 1; }
pid can be gotten from uhci device memory in uhci_handle_td(), so the guest can trigger assert qemu if we get an invalid pid. And the uhci spec 2.1.2 tells us The Host Controller sets Host Controller Process Error bit to 1 when it detects a fatal error and indicates that the Host Controller suffered a consistency check failure while processing a Transfer Descriptor. An example of a consistency check failure would be finding an illegal PID field while processing the packet header portion of the TD. We'd better to set UHCI_STS_HCPERR and kick an interrupt, but active assert Qemu, which follow the real hardware's spec. [Also fixed BZ 1070027] Signed-off-by: Gonglei <arei.gonglei@huawei.com> --- hw/usb/core.c | 1 - 1 file changed, 1 deletion(-)