* [PULL 0/3] Usb 20201019 patches
@ 2020-10-19 12:33 Gerd Hoffmann
  2020-10-19 12:33 ` [PULL 1/3] usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...) Gerd Hoffmann
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Gerd Hoffmann @ 2020-10-19 12:33 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

The following changes since commit e12ce85b2c79d83a340953291912875c30b3af06:

  Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging (2020-10-16 22:46:28 +0100)

are available in the Git repository at:

  git://git.kraxel.org/qemu tags/usb-20201019-pull-request

for you to fetch changes up to bea2a9e3e00b275dc40cfa09c760c715b8753e03:

  hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet() (2020-10-19 09:17:21 +0200)

----------------------------------------------------------------
usb: fixes for dwc2 + ehci.

----------------------------------------------------------------

Anthony PERARD (1):
  usb/hcd-ehci: Fix error handling on missing device for iTD

Mauro Matteo Cascella (1):
  hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

Paul Zimmerman (1):
  usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)

 hw/usb/hcd-dwc2.c | 106 +++++++++++++++++++++++++++++++++++++---------
 hw/usb/hcd-ehci.c |  35 +++++++--------
 2 files changed, 105 insertions(+), 36 deletions(-)

-- 
2.27.0





* [PULL 1/3] usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)
  2020-10-19 12:33 [PULL 0/3] Usb 20201019 patches Gerd Hoffmann
@ 2020-10-19 12:33 ` Gerd Hoffmann
  2020-10-19 12:33 ` [PULL 2/3] usb/hcd-ehci: Fix error handling on missing device for iTD Gerd Hoffmann
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Gerd Hoffmann @ 2020-10-19 12:33 UTC (permalink / raw)
  To: qemu-devel; +Cc: Peter Maydell, Gerd Hoffmann, Paul Zimmerman

From: Paul Zimmerman <pauldzim@gmail.com>

Change several assert()s to qemu_log_mask(LOG_GUEST_ERROR...),
to prevent the guest from causing Qemu to assert. Also fix up
several existing qemu_log_mask()s to include the function name in
the message.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paul Zimmerman <pauldzim@gmail.com>
Message-id: 20200920021449.830-1-pauldzim@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-dwc2.c | 100 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 81 insertions(+), 19 deletions(-)

diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c
index 97688d21bf0f..64c23c1ed084 100644
--- a/hw/usb/hcd-dwc2.c
+++ b/hw/usb/hcd-dwc2.c
@@ -238,7 +238,12 @@ static void dwc2_handle_packet(DWC2State *s, uint32_t devadr, USBDevice *dev,
     pid = get_field(hctsiz, TSIZ_SC_MC_PID);
     pcnt = get_field(hctsiz, TSIZ_PKTCNT);
     len = get_field(hctsiz, TSIZ_XFERSIZE);
-    assert(len <= DWC2_MAX_XFER_SIZE);
+    if (len > DWC2_MAX_XFER_SIZE) {
+        qemu_log_mask(LOG_GUEST_ERROR,
+                      "%s: HCTSIZ transfer size too large\n", __func__);
+        return;
+    }
+
     chan = index >> 3;
     p = &s->packet[chan];
 
@@ -663,7 +668,12 @@ static uint64_t dwc2_glbreg_read(void *ptr, hwaddr addr, int index,
     DWC2State *s = ptr;
     uint32_t val;
 
-    assert(addr <= GINTSTS2);
+    if (addr > GINTSTS2) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return 0;
+    }
+
     val = s->glbreg[index];
 
     switch (addr) {
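Review bot: The bad-offset branch added to dwc2_glbreg_read is copied verbatim into nine further hunks of this patch (dwc2_glbreg_write, dwc2_fszreg_read/_write, dwc2_hreg0_read/_write, dwc2_hreg1_read/_write, dwc2_pcgreg_read/_write); a single `static void dwc2_log_bad_offset(const char *func, hwaddr addr)` wrapping the qemu_log_mask call would keep the message format in one place and make future changes to the wording a one-line edit. Since these bounds are now reached by guest-visible MMIO rather than asserted, a short comment saying that the offset check is what keeps the following `s->glbreg[index]` access in bounds would help a later reader — assuming `index` is derived from `addr` by the caller, which the hunk does not show. The function body continues past the hunk.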
@@ -690,7 +700,12 @@ static void dwc2_glbreg_write(void *ptr, hwaddr addr, int index, uint64_t val,
     uint32_t old;
     int iflg = 0;
 
-    assert(addr <= GINTSTS2);
+    if (addr > GINTSTS2) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return;
+    }
+
     mmio = &s->glbreg[index];
     old = *mmio;
 
@@ -715,27 +730,34 @@ static void dwc2_glbreg_write(void *ptr, hwaddr addr, int index, uint64_t val,
         val &= ~GRSTCTL_DMAREQ;
         if (!(old & GRSTCTL_TXFFLSH) && (val & GRSTCTL_TXFFLSH)) {
                 /* TODO - TX fifo flush */
-            qemu_log_mask(LOG_UNIMP, "Tx FIFO flush not implemented\n");
+            qemu_log_mask(LOG_UNIMP, "%s: Tx FIFO flush not implemented\n",
+                          __func__);
         }
         if (!(old & GRSTCTL_RXFFLSH) && (val & GRSTCTL_RXFFLSH)) {
                 /* TODO - RX fifo flush */
-            qemu_log_mask(LOG_UNIMP, "Rx FIFO flush not implemented\n");
+            qemu_log_mask(LOG_UNIMP, "%s: Rx FIFO flush not implemented\n",
+                          __func__);
         }
         if (!(old & GRSTCTL_IN_TKNQ_FLSH) && (val & GRSTCTL_IN_TKNQ_FLSH)) {
                 /* TODO - device IN token queue flush */
-            qemu_log_mask(LOG_UNIMP, "Token queue flush not implemented\n");
+            qemu_log_mask(LOG_UNIMP, "%s: Token queue flush not implemented\n",
+                          __func__);
         }
         if (!(old & GRSTCTL_FRMCNTRRST) && (val & GRSTCTL_FRMCNTRRST)) {
                 /* TODO - host frame counter reset */
-            qemu_log_mask(LOG_UNIMP, "Frame counter reset not implemented\n");
+            qemu_log_mask(LOG_UNIMP,
+                          "%s: Frame counter reset not implemented\n",
+                          __func__);
         }
         if (!(old & GRSTCTL_HSFTRST) && (val & GRSTCTL_HSFTRST)) {
                 /* TODO - host soft reset */
-            qemu_log_mask(LOG_UNIMP, "Host soft reset not implemented\n");
+            qemu_log_mask(LOG_UNIMP, "%s: Host soft reset not implemented\n",
+                          __func__);
         }
         if (!(old & GRSTCTL_CSFTRST) && (val & GRSTCTL_CSFTRST)) {
                 /* TODO - core soft reset */
-            qemu_log_mask(LOG_UNIMP, "Core soft reset not implemented\n");
+            qemu_log_mask(LOG_UNIMP, "%s: Core soft reset not implemented\n",
+                          __func__);
         }
         /* don't allow clearing of self-clearing bits */
         val |= old & (GRSTCTL_TXFFLSH | GRSTCTL_RXFFLSH |
@@ -774,7 +796,12 @@ static uint64_t dwc2_fszreg_read(void *ptr, hwaddr addr, int index,
     DWC2State *s = ptr;
     uint32_t val;
 
-    assert(addr == HPTXFSIZ);
+    if (addr != HPTXFSIZ) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return 0;
+    }
+
     val = s->fszreg[index];
 
     trace_usb_dwc2_fszreg_read(addr, val);
@@ -789,7 +816,12 @@ static void dwc2_fszreg_write(void *ptr, hwaddr addr, int index, uint64_t val,
     uint32_t *mmio;
     uint32_t old;
 
-    assert(addr == HPTXFSIZ);
+    if (addr != HPTXFSIZ) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return;
+    }
+
     mmio = &s->fszreg[index];
     old = *mmio;
 
@@ -810,7 +842,12 @@ static uint64_t dwc2_hreg0_read(void *ptr, hwaddr addr, int index,
     DWC2State *s = ptr;
     uint32_t val;
 
-    assert(addr >= HCFG && addr <= HPRT0);
+    if (addr < HCFG || addr > HPRT0) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return 0;
+    }
+
     val = s->hreg0[index];
 
     switch (addr) {
@@ -837,7 +874,12 @@ static void dwc2_hreg0_write(void *ptr, hwaddr addr, int index, uint64_t val,
     int prst = 0;
     int iflg = 0;
 
-    assert(addr >= HCFG && addr <= HPRT0);
+    if (addr < HCFG || addr > HPRT0) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return;
+    }
+
     mmio = &s->hreg0[index];
     old = *mmio;
 
@@ -923,7 +965,12 @@ static uint64_t dwc2_hreg1_read(void *ptr, hwaddr addr, int index,
     DWC2State *s = ptr;
     uint32_t val;
 
-    assert(addr >= HCCHAR(0) && addr <= HCDMAB(DWC2_NB_CHAN - 1));
+    if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return 0;
+    }
+
     val = s->hreg1[index];
 
     trace_usb_dwc2_hreg1_read(addr, hreg1nm[index & 7], addr >> 5, val);
@@ -941,7 +988,12 @@ static void dwc2_hreg1_write(void *ptr, hwaddr addr, int index, uint64_t val,
     int enflg = 0;
     int disflg = 0;
 
-    assert(addr >= HCCHAR(0) && addr <= HCDMAB(DWC2_NB_CHAN - 1));
+    if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return;
+    }
+
     mmio = &s->hreg1[index];
     old = *mmio;
 
@@ -1008,7 +1060,12 @@ static uint64_t dwc2_pcgreg_read(void *ptr, hwaddr addr, int index,
     DWC2State *s = ptr;
     uint32_t val;
 
-    assert(addr >= PCGCTL && addr <= PCGCCTL1);
+    if (addr < PCGCTL || addr > PCGCCTL1) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return 0;
+    }
+
     val = s->pcgreg[index];
 
     trace_usb_dwc2_pcgreg_read(addr, pcgregnm[index], val);
@@ -1023,7 +1080,12 @@ static void dwc2_pcgreg_write(void *ptr, hwaddr addr, int index,
     uint32_t *mmio;
     uint32_t old;
 
-    assert(addr >= PCGCTL && addr <= PCGCCTL1);
+    if (addr < PCGCTL || addr > PCGCCTL1) {
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
+                      __func__, addr);
+        return;
+    }
+
     mmio = &s->pcgreg[index];
     old = *mmio;
 
@@ -1108,7 +1170,7 @@ static uint64_t dwc2_hreg2_read(void *ptr, hwaddr addr, unsigned size)
 {
     /* TODO - implement FIFOs to support slave mode */
     trace_usb_dwc2_hreg2_read(addr, addr >> 12, 0);
-    qemu_log_mask(LOG_UNIMP, "FIFO read not implemented\n");
+    qemu_log_mask(LOG_UNIMP, "%s: FIFO read not implemented\n", __func__);
     return 0;
 }
 
@@ -1119,7 +1181,7 @@ static void dwc2_hreg2_write(void *ptr, hwaddr addr, uint64_t val,
 
     /* TODO - implement FIFOs to support slave mode */
     trace_usb_dwc2_hreg2_write(addr, addr >> 12, orig, 0, val);
-    qemu_log_mask(LOG_UNIMP, "FIFO write not implemented\n");
+    qemu_log_mask(LOG_UNIMP, "%s: FIFO write not implemented\n", __func__);
 }
 
 static const MemoryRegionOps dwc2_mmio_hreg2_ops = {
-- 
2.27.0




* [PULL 2/3] usb/hcd-ehci: Fix error handling on missing device for iTD
  2020-10-19 12:33 [PULL 0/3] Usb 20201019 patches Gerd Hoffmann
  2020-10-19 12:33 ` [PULL 1/3] usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...) Gerd Hoffmann
@ 2020-10-19 12:33 ` Gerd Hoffmann
  2020-10-19 12:33 ` [PULL 3/3] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet() Gerd Hoffmann
  2020-10-19 13:39 ` [PULL 0/3] Usb 20201019 patches Peter Maydell
  3 siblings, 0 replies; 6+ messages in thread
From: Gerd Hoffmann @ 2020-10-19 12:33 UTC (permalink / raw)
  To: qemu-devel; +Cc: Anthony PERARD, Gerd Hoffmann

From: Anthony PERARD <anthony.perard@citrix.com>

The EHCI Host Controller emulation attempts to locate the device
associated with a periodic isochronous transfer description (iTD) and,
when this fails, the host controller is reset.

But according the EHCI spec 1.0 section 5.15.2.4 Host System
Error, the host controller is supposed to reset itself only when it
failed to communicate with the Host (Operating System), like when
there's an error on the PCI bus. If a transaction fails, there's
nothing in the spec that say to reset the host controller.

This patch rework the error path so that the host controller can keep
working when the OS setup a bogus transaction, it also revert to the
behavior of the EHCI emulation to before commits:
e94682f1fe ("ehci: check device is not NULL before calling usb_ep_get()")
7011baece2 ("usb: remove unnecessary NULL device check from usb_ep_get()")

The issue has been found while trying to passthrough a USB device to a
Windows Server 2012 Xen guest via "usb-ehci", which prevent the USB
device from working in Windows. ("usb-ehci" alone works, windows only
setup this weird periodic iTD to device 127 endpoint 15 when the USB
device is passthrough.)

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-id: 20201014104106.2962640-1-anthony.perard@citrix.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-ehci.c | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 2b995443fbfd..ae7f20c502ac 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1447,24 +1447,25 @@ static int ehci_process_itd(EHCIState *ehci,
             dev = ehci_find_device(ehci, devaddr);
             if (dev == NULL) {
                 ehci_trace_guest_bug(ehci, "no device found");
-                qemu_sglist_destroy(&ehci->isgl);
-                return -1;
-            }
-            pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
-            ep = usb_ep_get(dev, pid, endp);
-            if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
-                usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
-                                 (itd->transact[i] & ITD_XACT_IOC) != 0);
-                if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) {
-                    qemu_sglist_destroy(&ehci->isgl);
-                    return -1;
-                }
-                usb_handle_packet(dev, &ehci->ipacket);
-                usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
-            } else {
-                DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
-                ehci->ipacket.status = USB_RET_NAK;
+                ehci->ipacket.status = USB_RET_NODEV;
                 ehci->ipacket.actual_length = 0;
+            } else {
+                pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
+                ep = usb_ep_get(dev, pid, endp);
+                if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
+                    usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
+                                     (itd->transact[i] & ITD_XACT_IOC) != 0);
+                    if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) {
+                        qemu_sglist_destroy(&ehci->isgl);
+                        return -1;
+                    }
+                    usb_handle_packet(dev, &ehci->ipacket);
+                    usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
+                } else {
+                    DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
+                    ehci->ipacket.status = USB_RET_NAK;
+                    ehci->ipacket.actual_length = 0;
+                }
             }
             qemu_sglist_destroy(&ehci->isgl);
 
-- 
2.27.0




* [PULL 3/3] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
  2020-10-19 12:33 [PULL 0/3] Usb 20201019 patches Gerd Hoffmann
  2020-10-19 12:33 ` [PULL 1/3] usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...) Gerd Hoffmann
  2020-10-19 12:33 ` [PULL 2/3] usb/hcd-ehci: Fix error handling on missing device for iTD Gerd Hoffmann
@ 2020-10-19 12:33 ` Gerd Hoffmann
  2020-10-19 13:39 ` [PULL 0/3] Usb 20201019 patches Peter Maydell
  3 siblings, 0 replies; 6+ messages in thread
From: Gerd Hoffmann @ 2020-10-19 12:33 UTC (permalink / raw)
  To: qemu-devel
  Cc: Gaoning Pan, Mauro Matteo Cascella, Xingwei Lin, Gerd Hoffmann,
	Paul Zimmerman

From: Mauro Matteo Cascella <mcascell@redhat.com>

Check the value of mps to avoid potential divide-by-zero later in the function.
Since HCCHAR_MPS is guest controllable, this prevents a malicious/buggy guest
from crashing the QEMU process on the host.

Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Paul Zimmerman <pauldzim@gmail.com>
Reported-by: Gaoning Pan <gaoning.pgn@antgroup.com>
Reported-by: Xingwei Lin <linyi.lxw@antfin.com>
Message-id: 20201015075957.268823-1-mcascell@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-dwc2.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c
index 64c23c1ed084..e1d96acf7ecf 100644
--- a/hw/usb/hcd-dwc2.c
+++ b/hw/usb/hcd-dwc2.c
@@ -250,6 +250,12 @@ static void dwc2_handle_packet(DWC2State *s, uint32_t devadr, USBDevice *dev,
     trace_usb_dwc2_handle_packet(chan, dev, &p->packet, epnum, types[eptype],
                                  dirs[epdir], mps, len, pcnt);
 
+    if (mps == 0) {
+        qemu_log_mask(LOG_GUEST_ERROR,
+                "%s: Bad HCCHAR_MPS set to zero\n", __func__);
+        return;
+    }
+
     if (eptype == USB_ENDPOINT_XFER_CONTROL && pid == TSIZ_SC_MC_PID_SETUP) {
         pid = USB_TOKEN_SETUP;
     } else {
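Review bot: The `mps == 0` guard returns without raising any channel completion or error status, so a guest that programs a zero HCCHAR_MPS sees the transfer hang rather than fail; that matches the oversize-length guard earlier in this function, but a one-line comment such as `/* guest error: drop the transfer rather than divide by zero below */` would tie the check to the division it protects, which is outside the hunk. The check is placed after the trace call, which is useful for diagnosis, though a reader would expect guest-controlled register validation grouped with the HCTSIZ check above the trace. dwc2_handle_packet starts and ends outside the hunk, and the identical hunk is reposted later on this page under the 20201016 pull, where the same note applies.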
-- 
2.27.0




* Re: [PULL 0/3] Usb 20201019 patches
  2020-10-19 12:33 [PULL 0/3] Usb 20201019 patches Gerd Hoffmann
                   ` (2 preceding siblings ...)
  2020-10-19 12:33 ` [PULL 3/3] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet() Gerd Hoffmann
@ 2020-10-19 13:39 ` Peter Maydell
  3 siblings, 0 replies; 6+ messages in thread
From: Peter Maydell @ 2020-10-19 13:39 UTC (permalink / raw)
  To: Gerd Hoffmann; +Cc: QEMU Developers

On Mon, 19 Oct 2020 at 13:36, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> The following changes since commit e12ce85b2c79d83a340953291912875c30b3af06:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging (2020-10-16 22:46:28 +0100)
>
> are available in the Git repository at:
>
>   git://git.kraxel.org/qemu tags/usb-20201019-pull-request
>
> for you to fetch changes up to bea2a9e3e00b275dc40cfa09c760c715b8753e03:
>
>   hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet() (2020-10-19 09:17:21 +0200)
>
> ----------------------------------------------------------------
> usb: fixes for dwc2 + ehci.
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.

-- PMM



* [PULL 3/3] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
  2020-10-16  5:24 [PULL 0/3] Usb 20201016 patches Gerd Hoffmann
@ 2020-10-16  5:24 ` Gerd Hoffmann
  0 siblings, 0 replies; 6+ messages in thread
From: Gerd Hoffmann @ 2020-10-16  5:24 UTC (permalink / raw)
  To: qemu-devel
  Cc: Gaoning Pan, Mauro Matteo Cascella, Xingwei Lin, Gerd Hoffmann,
	Paul Zimmerman

From: Mauro Matteo Cascella <mcascell@redhat.com>

Check the value of mps to avoid potential divide-by-zero later in the function.
Since HCCHAR_MPS is guest controllable, this prevents a malicious/buggy guest
from crashing the QEMU process on the host.

Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Paul Zimmerman <pauldzim@gmail.com>
Reported-by: Gaoning Pan <gaoning.pgn@antgroup.com>
Reported-by: Xingwei Lin <linyi.lxw@antfin.com>
Message-id: 20201015075957.268823-1-mcascell@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/hcd-dwc2.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c
index 64c23c1ed084..e1d96acf7ecf 100644
--- a/hw/usb/hcd-dwc2.c
+++ b/hw/usb/hcd-dwc2.c
@@ -250,6 +250,12 @@ static void dwc2_handle_packet(DWC2State *s, uint32_t devadr, USBDevice *dev,
     trace_usb_dwc2_handle_packet(chan, dev, &p->packet, epnum, types[eptype],
                                  dirs[epdir], mps, len, pcnt);
 
+    if (mps == 0) {
+        qemu_log_mask(LOG_GUEST_ERROR,
+                "%s: Bad HCCHAR_MPS set to zero\n", __func__);
+        return;
+    }
+
     if (eptype == USB_ENDPOINT_XFER_CONTROL && pid == TSIZ_SC_MC_PID_SETUP) {
         pid = USB_TOKEN_SETUP;
     } else {
-- 
2.27.0



