peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone

Blame 0315-ehci-Handle-USB_RET_PROCERR-in-ehci_fill_queue.patch

c8dfc6
From 1599d0b01712fb16c3ad291b653a31f768f7f5ef Mon Sep 17 00:00:00 2001
c8dfc6
From: Hans de Goede <hdegoede@redhat.com>
c8dfc6
Date: Mon, 3 Sep 2012 11:35:58 +0200
c8dfc6
Subject: [PATCH 315/366] ehci: Handle USB_RET_PROCERR in ehci_fill_queue
c8dfc6
c8dfc6
USB_RET_PROCERR can be triggered by the guest (by for example requesting more
c8dfc6
then BUFFSIZE bytes), so don't assert on it.
c8dfc6
c8dfc6
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
c8dfc6
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
c8dfc6
---
c8dfc6
 hw/usb/hcd-ehci.c | 9 ++++++---
c8dfc6
 1 file changed, 6 insertions(+), 3 deletions(-)
c8dfc6
c8dfc6
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
c8dfc6
index d87aca8..2534394 100644
c8dfc6
--- a/hw/usb/hcd-ehci.c
c8dfc6
+++ b/hw/usb/hcd-ehci.c
c8dfc6
@@ -2076,7 +2076,7 @@ static int ehci_state_horizqh(EHCIQueue *q)
c8dfc6
     return again;
c8dfc6
 }
c8dfc6
 
c8dfc6
-static void ehci_fill_queue(EHCIPacket *p)
c8dfc6
+static int ehci_fill_queue(EHCIPacket *p)
c8dfc6
 {
c8dfc6
     EHCIQueue *q = p->queue;
c8dfc6
     EHCIqtd qtd = p->qtd;
c8dfc6
@@ -2100,9 +2100,13 @@ static void ehci_fill_queue(EHCIPacket *p)
c8dfc6
         p->qtdaddr = qtdaddr;
c8dfc6
         p->qtd = qtd;
c8dfc6
         p->usb_status = ehci_execute(p, "queue");
c8dfc6
+        if (p->usb_status == USB_RET_PROCERR) {
c8dfc6
+            break;
c8dfc6
+        }
c8dfc6
         assert(p->usb_status == USB_RET_ASYNC);
c8dfc6
         p->async = EHCI_ASYNC_INFLIGHT;
c8dfc6
     }
c8dfc6
+    return p->usb_status;
c8dfc6
 }
c8dfc6
 
c8dfc6
 static int ehci_state_execute(EHCIQueue *q)
c8dfc6
@@ -2144,8 +2148,7 @@ static int ehci_state_execute(EHCIQueue *q)
c8dfc6
         trace_usb_ehci_packet_action(p->queue, p, "async");
c8dfc6
         p->async = EHCI_ASYNC_INFLIGHT;
c8dfc6
         ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
c8dfc6
-        again = 1;
c8dfc6
-        ehci_fill_queue(p);
c8dfc6
+        again = (ehci_fill_queue(p) == USB_RET_PROCERR) ? -1 : 1;
c8dfc6
         goto out;
c8dfc6
     }
c8dfc6
 
c8dfc6
-- 
c8dfc6
1.7.12
c8dfc6