Commit b8562561 authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20170221-1' into staging 



xhci: add qemu-xhci device, some followup cleanups.
ccid: better sanity checking.
ehci: fix memory leak
ohci: bugfixes.

# gpg: Signature made Tue 21 Feb 2017 07:14:35 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20170221-1:
  usb-ccid: add check message size checks
  usb-ccid: move header size check
  usb-ccid: better bulk_out error handling
  xhci: drop via vendor command handling
  xhci: fix nec vendor quirk handling
  xhci: add qemu xhci controller
  xhci: drop ER_FULL_HACK workaround
  xhci: apply limits to loops
  usb: ohci: limit the number of link eds
  usb: ohci: fix error return code in servicing iso td
  usb: ehci: fix memory leak in ehci

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 56f9e46b 31fb4444

docs/specs/pci-ids.txt

+1 −0
Original line number Diff line number Diff line
@@ -61,6 +61,7 @@ PCI devices (other than virtio): 
1b36:0009  PCI Expander Bridge (-device pxb)

1b36:000a  PCI-PCI bridge (multiseat)

1b36:000b  PCIe Expander Bridge (-device pxb-pcie)

1b36:000d  PCI xhci usb host adapter



All these devices are documented in docs/specs.

hw/usb/dev-smartcard-reader.c

+74 −62
Original line number Diff line number Diff line
@@ -1001,23 +1001,30 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p) 
    CCID_Header *ccid_header;



    if (p->iov.size + s->bulk_out_pos > BULK_OUT_DATA_SIZE) {

        p->status = USB_RET_STALL;

        return;

        goto err;

    }

    ccid_header = (CCID_Header *)s->bulk_out_data;

    usb_packet_copy(p, s->bulk_out_data + s->bulk_out_pos, p->iov.size);

    s->bulk_out_pos += p->iov.size;

    if (p->iov.size == CCID_MAX_PACKET_SIZE) {

    if (s->bulk_out_pos < 10) {

        DPRINTF(s, 1, "%s: header incomplete\n", __func__);

        goto err;

    }



    ccid_header = (CCID_Header *)s->bulk_out_data;

    if ((s->bulk_out_pos - 10 < ccid_header->dwLength) &&

        (p->iov.size == CCID_MAX_PACKET_SIZE)) {

        DPRINTF(s, D_VERBOSE,

            "usb-ccid: bulk_in: expecting more packets (%zd/%d)\n",

            p->iov.size, ccid_header->dwLength);

                "usb-ccid: bulk_in: expecting more packets (%d/%d)\n",

                s->bulk_out_pos - 10, ccid_header->dwLength);

        return;

    }

    if (s->bulk_out_pos < 10) {

    if (s->bulk_out_pos - 10 != ccid_header->dwLength) {

        DPRINTF(s, 1,

                "%s: bad USB_TOKEN_OUT length, should be at least 10 bytes\n",

                __func__);

    } else {

                "usb-ccid: bulk_in: message size mismatch (got %d, expected %d)\n",

                s->bulk_out_pos - 10, ccid_header->dwLength);

        goto err;

    }



    DPRINTF(s, D_MORE_INFO, "%s %x %s\n", __func__,

            ccid_header->bMessageType,

            ccid_message_type_to_str(ccid_header->bMessageType));
@@ -1073,8 +1080,13 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p) 
        ccid_write_slot_status(s, ccid_header);

        break;

    }

    }

    s->bulk_out_pos = 0;

    return;



err:

    p->status = USB_RET_STALL;

    s->bulk_out_pos = 0;

    return;

}



static void ccid_bulk_in_copy_to_guest(USBCCIDState *s, USBPacket *p)

hw/usb/hcd-ehci-pci.c

+9 −0
Original line number Diff line number Diff line
@@ -89,6 +89,14 @@ static void usb_ehci_pci_init(Object *obj) 
    usb_ehci_init(s, DEVICE(obj));

}



static void usb_ehci_pci_finalize(Object *obj)

{

    EHCIPCIState *i = PCI_EHCI(obj);

    EHCIState *s = &i->ehci;



    usb_ehci_finalize(s);

}



static void usb_ehci_pci_exit(PCIDevice *dev)

{

    EHCIPCIState *i = PCI_EHCI(dev);
@@ -159,6 +167,7 @@ static const TypeInfo ehci_pci_type_info = { 
    .parent = TYPE_PCI_DEVICE,

    .instance_size = sizeof(EHCIPCIState),

    .instance_init = usb_ehci_pci_init,

    .instance_finalize = usb_ehci_pci_finalize,

    .abstract = true,

    .class_init = ehci_class_init,

};

hw/usb/hcd-ehci.c

+5 −0
Original line number Diff line number Diff line
@@ -2545,6 +2545,11 @@ void usb_ehci_init(EHCIState *s, DeviceState *dev) 
                                &s->mem_ports);

}



void usb_ehci_finalize(EHCIState *s)

{

    usb_packet_cleanup(&s->ipacket);

}



/*

 * vim: expandtab ts=4

 */

hw/usb/hcd-ehci.h

+1 −0
Original line number Diff line number Diff line
@@ -323,6 +323,7 @@ struct EHCIState { 
extern const VMStateDescription vmstate_ehci;



void usb_ehci_init(EHCIState *s, DeviceState *dev);

void usb_ehci_finalize(EHCIState *s);

void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp);

void usb_ehci_unrealize(EHCIState *s, DeviceState *dev, Error **errp);

void ehci_reset(void *opaque);