From patchwork Sun Apr 25 17:48:30 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "David S. Ahern" X-Patchwork-Id: 50945 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 61856B7D2A for ; Mon, 26 Apr 2010 03:55:14 +1000 (EST) Received: from localhost ([127.0.0.1]:54491 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1O65zW-0001XE-1f for incoming@patchwork.ozlabs.org; Sun, 25 Apr 2010 13:51:38 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1O65wq-0000wV-1Z for qemu-devel@nongnu.org; Sun, 25 Apr 2010 13:48:52 -0400 Received: from [140.186.70.92] (port=37641 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1O65wo-0000va-CC for qemu-devel@nongnu.org; Sun, 25 Apr 2010 13:48:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1O65wm-0003ia-KQ for qemu-devel@nongnu.org; Sun, 25 Apr 2010 13:48:50 -0400 Received: from sj-iport-6.cisco.com ([171.71.176.117]:33426) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O65wm-0003iQ-0X for qemu-devel@nongnu.org; Sun, 25 Apr 2010 13:48:48 -0400 Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-AV: E=Sophos;i="4.52,270,1270425600"; d="scan'208";a="520297430" Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-6.cisco.com with ESMTP; 25 Apr 2010 17:48:47 +0000 Received: from localhost.localdomain (rcdn-vpn-client-10-89-6-86.cisco.com [10.89.6.86]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id o3PHmVSj006383; Sun, 25 Apr 2010 17:48:46 GMT From: David Ahern To: jan.kiszka@web.de Date: Sun, 25 Apr 2010 11:48:30 -0600 Message-Id: <1272217710-28120-2-git-send-email-daahern@cisco.com> X-Mailer: git-send-email 1.6.6.1 In-Reply-To: <1272217710-28120-1-git-send-email-daahern@cisco.com> References: <1272217710-28120-1-git-send-email-daahern@cisco.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. Cc: qemu-devel@nongnu.org, David Ahern Subject: [Qemu-devel] [PATCH] Improve detection of invalid entries in the async schedule X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Signed-off-by: David Ahern --- hw/usb-ehci.c | 41 +++++++++++++++++++++++++++++------------ 1 files changed, 29 insertions(+), 12 deletions(-) diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c index 29baf74..e2f8e54 100644 --- a/hw/usb-ehci.c +++ b/hw/usb-ehci.c @@ -144,7 +144,7 @@ #define NB_MAXINTRATE 8 // Max rate at which controller issues ints #define NB_PORTS 4 // Number of downstream ports #define BUFF_SIZE 5*4096 // Max bytes to transfer per transaction -#define MAX_ITERATIONS 50 // Max number of states before we abort +#define MAX_ITERATIONS 20 // Max number of QH before we break the loop #define MAX_QH 100 // Max allowable queue heads in a chain /* Internal periodic / asynchronous schedule state machine states @@ -1319,6 +1319,11 @@ static int ehci_state_fetchentry(EHCIState *ehci, int async, int *state) } } #endif + if (entry < 0x1000) { + DPRINTF("fetchentry: entry invalid (0x%08x)\n", entry); + *state = EST_ACTIVE; + goto out; + } /* section 4.8, only QH in async schedule */ if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) { @@ -1348,6 +1353,7 @@ static int ehci_state_fetchentry(EHCIState *ehci, int async, int *state) return -1; } +out: return again; } @@ -1394,7 +1400,7 @@ static int ehci_state_fetchqh(EHCIState *ehci, int async, int *state) *state = EST_HORIZONTALQH; again = 1; - } else if (qh->token & QTD_TOKEN_ACTIVE) { + } else if ((qh->token & QTD_TOKEN_ACTIVE) && (qh->current_qtd > 0x1000)) { DPRINTF_ST("FETCHQH: Active, !Halt, execute - fetch qTD\n"); ehci->qtdaddr = qh->current_qtd; *state = EST_FETCHQTD; @@ -1499,10 +1505,17 @@ static int ehci_state_fetchqtd(EHCIState *ehci, int async, int *state) static int ehci_state_horizqh(EHCIState *ehci, int async, int *state) { - ehci->fetch_addr = ehci->qh.next; - *state = EST_FETCHENTRY; + int again = 0; - return 1; + if (ehci->fetch_addr != ehci->qh.next) { + ehci->fetch_addr = ehci->qh.next; + *state = EST_FETCHENTRY; + again = 1; + } else { + *state = EST_ACTIVE; + } + + return again; } static int ehci_state_execute(EHCIState *ehci, int async, int *state) @@ -1682,11 +1695,17 @@ static int ehci_advance_state(EHCIState *ehci, int iter = 0; do { - iter++; - if (iter > MAX_ITERATIONS) { - DPRINTF("\n*** advance_state: bailing on MAX ITERATIONS***\n\n"); - state = EST_ACTIVE; - break; + if (state == EST_FETCHQH) { + iter++; + /* if we are roaming a lot of QH without executing a qTD + * something is wrong with the linked list. TO-DO: why is + * this hack needed? + */ + if (iter > MAX_ITERATIONS) { + DPRINTF("\n*** advance_state: bailing on MAX ITERATIONS***\n"); + state = EST_ACTIVE; + break; + } } switch(state) { case EST_WAITLISTHEAD: @@ -1723,12 +1742,10 @@ static int ehci_advance_state(EHCIState *ehci, break; case EST_EXECUTING: - iter = 0; again = ehci_state_executing(ehci, async, &state); break; case EST_WRITEBACK: - iter = 0; again = ehci_state_writeback(ehci, async, &state); break;