qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH] usb: drop active assert when pid is invalid
@ 2016-02-15 12:01 Gonglei
  0 siblings, 0 replies; only message in thread
From: Gonglei @ 2016-02-15 12:01 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gonglei, kraxel

pid can be gotten from uhci device memory in uhci_handle_td(),
so the guest can trigger assert qemu if we get an invalid pid.
And the uhci spec 2.1.2 tells us The Host Controller sets Host
Controller Process Error bit to 1 when it detects a fatal error
and indicates that the Host Controller suffered a consistency
check failure while processing a Transfer Descriptor. An example
of a consistency check failure would be finding an illegal PID
field while processing the packet header portion of the TD.

We'd better to set UHCI_STS_HCPERR and kick an interrupt, but
active assert Qemu, which follow the real hardware's spec.

[Also fixed BZ 1070027]

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 hw/usb/core.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/usb/core.c b/hw/usb/core.c
index bea5e1e..6fbcf00 100644
--- a/hw/usb/core.c
+++ b/hw/usb/core.c
@@ -716,7 +716,6 @@ struct USBEndpoint *usb_ep_get(USBDevice *dev, int pid, int ep)
     if (ep == 0) {
         return &dev->ep_ctl;
     }
-    assert(pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT);
     assert(ep > 0 && ep <= USB_MAX_ENDPOINTS);
     return eps + ep - 1;
 }
-- 
1.8.5.2

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2016-02-15 12:02 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-15 12:01 [Qemu-devel] [PATCH] usb: drop active assert when pid is invalid Gonglei

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).