Blame 0140-ehci-Handle-USB_RET_PROCERR-in-ehci_fill_queue.patch

5544c1
From 90905dca56de07f7c394ef8cbe480a0d08e0d8cd Mon Sep 17 00:00:00 2001
Hans de Goede c8dfc6
From: Hans de Goede <hdegoede@redhat.com>
Hans de Goede c8dfc6
Date: Mon, 3 Sep 2012 11:35:58 +0200
5544c1
Subject: [PATCH] ehci: Handle USB_RET_PROCERR in ehci_fill_queue
Hans de Goede c8dfc6
Hans de Goede c8dfc6
USB_RET_PROCERR can be triggered by the guest (by for example requesting more
Hans de Goede c8dfc6
then BUFFSIZE bytes), so don't assert on it.
Hans de Goede c8dfc6
Hans de Goede c8dfc6
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Hans de Goede c8dfc6
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5544c1
(cherry picked from commit eff6dce79bd7ad3c16d75c5e55b5a2a137ba6a60)
5544c1
5544c1
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede c8dfc6
---
Hans de Goede c8dfc6
 hw/usb/hcd-ehci.c | 9 ++++++---
Hans de Goede c8dfc6
 1 file changed, 6 insertions(+), 3 deletions(-)
Hans de Goede c8dfc6
Hans de Goede c8dfc6
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
Hans de Goede c8dfc6
index d87aca8..2534394 100644
Hans de Goede c8dfc6
--- a/hw/usb/hcd-ehci.c
Hans de Goede c8dfc6
+++ b/hw/usb/hcd-ehci.c
Hans de Goede c8dfc6
@@ -2076,7 +2076,7 @@ static int ehci_state_horizqh(EHCIQueue *q)
Hans de Goede c8dfc6
     return again;
Hans de Goede c8dfc6
 }
Hans de Goede c8dfc6
 
Hans de Goede c8dfc6
-static void ehci_fill_queue(EHCIPacket *p)
Hans de Goede c8dfc6
+static int ehci_fill_queue(EHCIPacket *p)
Hans de Goede c8dfc6
 {
Hans de Goede c8dfc6
     EHCIQueue *q = p->queue;
Hans de Goede c8dfc6
     EHCIqtd qtd = p->qtd;
Hans de Goede c8dfc6
@@ -2100,9 +2100,13 @@ static void ehci_fill_queue(EHCIPacket *p)
Hans de Goede c8dfc6
         p->qtdaddr = qtdaddr;
Hans de Goede c8dfc6
         p->qtd = qtd;
Hans de Goede c8dfc6
         p->usb_status = ehci_execute(p, "queue");
Hans de Goede c8dfc6
+        if (p->usb_status == USB_RET_PROCERR) {
Hans de Goede c8dfc6
+            break;
Hans de Goede c8dfc6
+        }
Hans de Goede c8dfc6
         assert(p->usb_status == USB_RET_ASYNC);
Hans de Goede c8dfc6
         p->async = EHCI_ASYNC_INFLIGHT;
Hans de Goede c8dfc6
     }
Hans de Goede c8dfc6
+    return p->usb_status;
Hans de Goede c8dfc6
 }
Hans de Goede c8dfc6
 
Hans de Goede c8dfc6
 static int ehci_state_execute(EHCIQueue *q)
Hans de Goede c8dfc6
@@ -2144,8 +2148,7 @@ static int ehci_state_execute(EHCIQueue *q)
Hans de Goede c8dfc6
         trace_usb_ehci_packet_action(p->queue, p, "async");
Hans de Goede c8dfc6
         p->async = EHCI_ASYNC_INFLIGHT;
Hans de Goede c8dfc6
         ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
Hans de Goede c8dfc6
-        again = 1;
Hans de Goede c8dfc6
-        ehci_fill_queue(p);
Hans de Goede c8dfc6
+        again = (ehci_fill_queue(p) == USB_RET_PROCERR) ? -1 : 1;
Hans de Goede c8dfc6
         goto out;
Hans de Goede c8dfc6
     }
Hans de Goede c8dfc6
 
Hans de Goede c8dfc6
-- 
5544c1
1.7.12.1
Hans de Goede c8dfc6