From: Qiang Liu <cyruscyliu@gmail.com>
Cc: "open list:All patches CC here" <qemu-devel@nongnu.org>,
Qiang Liu <cyruscyliu@gmail.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Paul Zimmerman <pauldzim@gmail.com>
Subject: [PATCH] hw/usb/hcd-dwc2: Enforce epnum to 0 for the control endpoint to avoid the assertion failure in usb_ep_get()
Date: Sun, 27 Jun 2021 11:28:26 +0800 [thread overview]
Message-ID: <1624764506-19841-1-git-send-email-cyruscyliu@gmail.com> (raw)
When eptype is USB_ENDPOINT_XFER_CONTROL and pid is
TSIZ_SC_MC_PID_SETUP, usb_ep_get() should return the control endpoint.
In hw/usb/core.c, the assumed epnum of the control endpoint is 0. When
epnum is not 0, usb_ep_get() will crash due to the check assert(pid ==
USB_TOKEN_IN || pid == USB_TOKEN_OUT).
The description
http://www.capital-micro.com/PDF/CME-M7_Family_User_Guide_EN.pdf
(18.5.3.4 (14), 18.5.3.4 (10)) a) mentions that the pid is maintained by
the host, b) but doesn't mention that whether the epnum should be 0 for
the control endpoint. However, usb_ep_get() assumes it is 0. To avoid
potential assertion failure in usb_ep_get(), we could enforce epnum to 0
and warn users.
Fixes: 153ef1662c3 ("dwc-hsotg (dwc2) USB host controller emulation")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
---
hw/usb/hcd-dwc2.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c
index e1d96ac..65d9d46 100644
--- a/hw/usb/hcd-dwc2.c
+++ b/hw/usb/hcd-dwc2.c
@@ -636,6 +636,11 @@ static void dwc2_enable_chan(DWC2State *s, uint32_t index)
}
if (eptype == USB_ENDPOINT_XFER_CONTROL && pid == TSIZ_SC_MC_PID_SETUP) {
+ if (epnum != 0) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "epnum should be 0 for the control endpoint\n");
+ epnum = 0;
+ }
pid = USB_TOKEN_SETUP;
} else {
pid = epdir ? USB_TOKEN_IN : USB_TOKEN_OUT;
--
2.7.4
next reply other threads:[~2021-06-27 3:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-27 3:28 Qiang Liu [this message]
2021-06-27 5:21 ` [PATCH] hw/usb/hcd-dwc2: Enforce epnum to 0 for the control endpoint to avoid the assertion failure in usb_ep_get() Qiang Liu
2021-07-04 22:27 ` Paul Zimmerman
2021-07-05 1:34 ` Qiang Liu
2021-07-21 11:44 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1624764506-19841-1-git-send-email-cyruscyliu@gmail.com \
--to=cyruscyliu@gmail.com \
--cc=kraxel@redhat.com \
--cc=pauldzim@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.