mirrors/qemu
0
0
Fork 0
mirror of https://github.com/qemu/qemu.git synced 2024-12-18 01:34:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

usb: a bunch of fixes for guest-triggerable asserts

Browse Source 
(should have been in last friday's pull, sorry ...).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJfsl35AAoJEEy22O7T6HE4YMQP/2wQJ3w3ORZuT5oru15QP5eT
 FBQx9PXZsRUDGz0SCv6UI2tSW2WJLJ6ZJCKX+MCCMJZH688FGtCg3ctfT8cRbLcj
 WNQnf2zCiIIat9YE0REcW6n0GTHrG9uuRiTBqB72KtEIfXzIWVedw5nk6II9dmPV
 UV6sAaC7/YxbNfDUGE1WdJDTOgu62j+7sVPT7rfkE/a/xaCOMru49j3KDVDmE3bg
 GZqQ8H4dRnoR55aXwp0BHzqLLJlluLsj3CmUpmcZRLESzJmKFcsY+GpkQvTXW/92
 yYqxhcrQKRr5o8/D9cF2+k3KiY2WBN83bX/c5nZU5AVCaVsT6NZM7zJu8bFQ9Hfw
 ogvIej260My8DuyZNvmFmq0MLEyptl9Rflw0u909himh14UH/EjXvUMMbgf+0Fyg
 AxjQjmol0eOik+6x/rEAqg14AcWZ3Wc4+k4BPGu2IwbbdFRvpR5LmbPQ4WVrnfxW
 ngS0n8iKtLfLtWRMwvEn9jYpvLpN0ZhiApBdvRvy+XcTP2LV9+fdbdWAplA8dzlq
 Nptbj7cBVsH28Fp6kSKF9462KCfOqXAl+g3NflI40QXUpYVLYq3n9WzpC88rjo3F
 stv7Mfyl7aETNpqtdUI1kfAYyi1tUOfTpw04sLHbH34S1/rYU9RquopE8L4AS5vX
 1niM+xzgRcZwJm74yiZO
 =HYnk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20201116-pull-request' into staging

usb: a bunch of fixes for guest-triggerable asserts
(should have been in last friday's pull, sorry ...).

# gpg: Signature made Mon 16 Nov 2020 11:09:45 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20201116-pull-request:
  xhci: move sanity checks
  xhci: fix guest triggerable assert
  usb-storage: fill csw on cancel
  usb-storage: use bool for removable property
  usb-storage: add commandlog property
  usb-storage: switch trace events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2020-11-16 14:19:31 +00:00
commit 2f7c9dd518
3 changed files with 48 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
hw/usb/dev-storage.c
View File

@ -23,15 +23,7 @@
#include "qapi/visitor.h"
#include "qemu/cutils.h"
#include "qom/object.h"
//#define DEBUG_MSD
#ifdef DEBUG_MSD
#define DPRINTF(fmt, ...) \
do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#endif
#include "trace.h"
/* USB requests. */
#define MassStorageReset 0xff
@ -64,7 +56,8 @@ struct MSDState {
USBPacket *packet;
/* usb-storage only */
BlockConf conf;
uint32_t removable;
bool removable;
bool commandlog;
SCSIDevice *scsi_dev;
};
typedef struct MSDState MSDState;
@ -245,8 +238,8 @@ static void usb_msd_send_status(MSDState *s, USBPacket *p)
{
int len;
DPRINTF("Command status %d tag 0x%x, len %zd\n",
s->csw.status, le32_to_cpu(s->csw.tag), p->iov.size);
trace_usb_msd_send_status(s->csw.status, le32_to_cpu(s->csw.tag),
p->iov.size);
assert(s->csw.sig == cpu_to_le32(0x53425355));
len = MIN(sizeof(s->csw), p->iov.size);
@ -261,7 +254,7 @@ static void usb_msd_packet_complete(MSDState *s)
/* Set s->packet to NULL before calling usb_packet_complete
because another request may be issued before
usb_packet_complete returns. */
DPRINTF("Packet complete %p\n", p);
trace_usb_msd_packet_complete();
s->packet = NULL;
usb_packet_complete(&s->dev, p);
}
@ -289,7 +282,7 @@ static void usb_msd_command_complete(SCSIRequest *req, uint32_t status, size_t r
MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
USBPacket *p = s->packet;
DPRINTF("Command complete %d tag 0x%x\n", status, req->tag);
trace_usb_msd_cmd_complete(status, req->tag);
s->csw.sig = cpu_to_le32(0x53425355);
s->csw.tag = cpu_to_le32(req->tag);
@ -331,7 +324,13 @@ static void usb_msd_request_cancelled(SCSIRequest *req)
{
MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
trace_usb_msd_cmd_cancel(req->tag);
if (req == s->req) {
s->csw.sig = cpu_to_le32(0x53425355);
s->csw.tag = cpu_to_le32(req->tag);
s->csw.status = 1; /* error */
scsi_req_unref(s->req);
s->req = NULL;
s->scsi_len = 0;
@ -342,7 +341,7 @@ static void usb_msd_handle_reset(USBDevice *dev)
{
MSDState *s = (MSDState *)dev;
DPRINTF("Reset\n");
trace_usb_msd_reset();
if (s->req) {
scsi_req_cancel(s->req);
}
@ -388,7 +387,7 @@ static void usb_msd_handle_control(USBDevice *dev, USBPacket *p,
}
maxlun++;
}
DPRINTF("MaxLun %d\n", maxlun);
trace_usb_msd_maxlun(maxlun);
data[0] = maxlun;
p->actual_length = 1;
break;
@ -436,7 +435,6 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
le32_to_cpu(cbw.sig));
goto fail;
}
DPRINTF("Command on LUN %d\n", cbw.lun);
scsi_dev = scsi_device_find(&s->bus, 0, 0, cbw.lun);
if (scsi_dev == NULL) {
error_report("usb-msd: Bad LUN %d", cbw.lun);
@ -451,14 +449,14 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
} else {
s->mode = USB_MSDM_DATAOUT;
}
DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
tag, cbw.flags, cbw.cmd_len, s->data_len);
trace_usb_msd_cmd_submit(cbw.lun, tag, cbw.flags,
cbw.cmd_len, s->data_len);
assert(le32_to_cpu(s->csw.residue) == 0);
s->scsi_len = 0;
s->req = scsi_req_new(scsi_dev, tag, cbw.lun, cbw.cmd, NULL);
#ifdef DEBUG_MSD
scsi_req_print(s->req);
#endif
if (s->commandlog) {
scsi_req_print(s->req);
}
len = scsi_req_enqueue(s->req);
if (len) {
scsi_req_continue(s->req);
@ -466,7 +464,7 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
break;
case USB_MSDM_DATAOUT:
DPRINTF("Data out %zd/%d\n", p->iov.size, s->data_len);
trace_usb_msd_data_out(p->iov.size, s->data_len);
if (p->iov.size > s->data_len) {
goto fail;
}
@ -488,14 +486,13 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
}
}
if (p->actual_length < p->iov.size) {
DPRINTF("Deferring packet %p [wait data-out]\n", p);
trace_usb_msd_packet_async();
s->packet = p;
p->status = USB_RET_ASYNC;
}
break;
default:
DPRINTF("Unexpected write (len %zd)\n", p->iov.size);
goto fail;
}
break;
@ -510,6 +507,7 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
goto fail;
}
/* Waiting for SCSI write to complete. */
trace_usb_msd_packet_async();
s->packet = p;
p->status = USB_RET_ASYNC;
break;
@ -521,7 +519,7 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
if (s->req) {
/* still in flight */
DPRINTF("Deferring packet %p [wait status]\n", p);
trace_usb_msd_packet_async();
s->packet = p;
p->status = USB_RET_ASYNC;
} else {
@ -531,8 +529,7 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
break;
case USB_MSDM_DATAIN:
DPRINTF("Data in %zd/%d, scsi_len %d\n",
p->iov.size, s->data_len, s->scsi_len);
trace_usb_msd_data_in(p->iov.size, s->data_len, s->scsi_len);
if (s->scsi_len) {
usb_msd_copy_data(s, p);
}
@ -550,20 +547,18 @@ static void usb_msd_handle_data(USBDevice *dev, USBPacket *p)
}
}
if (p->actual_length < p->iov.size && s->mode == USB_MSDM_DATAIN) {
DPRINTF("Deferring packet %p [wait data-in]\n", p);
trace_usb_msd_packet_async();
s->packet = p;
p->status = USB_RET_ASYNC;
}
break;
default:
DPRINTF("Unexpected read (len %zd)\n", p->iov.size);
goto fail;
}
break;
default:
DPRINTF("Bad token\n");
fail:
p->status = USB_RET_STALL;
break;
@ -691,7 +686,8 @@ static const VMStateDescription vmstate_usb_msd = {
static Property msd_properties[] = {
DEFINE_BLOCK_PROPERTIES(MSDState, conf),
DEFINE_BLOCK_ERROR_PROPERTIES(MSDState, conf),
DEFINE_PROP_BIT("removable", MSDState, removable, 0, false),
DEFINE_PROP_BOOL("removable", MSDState, removable, false),
DEFINE_PROP_BOOL("commandlog", MSDState, commandlog, false),
DEFINE_PROP_END_OF_LIST(),
};

11
hw/usb/hcd-xhci.c
View File

@ -1904,7 +1904,9 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
streamid = 0;
xhci_set_ep_state(xhci, epctx, NULL, EP_RUNNING);
}
assert(ring->dequeue != 0);
if (!ring->dequeue) {
return;
}
epctx->kick_active++;
while (1) {
@ -3008,14 +3010,17 @@ static void xhci_runtime_write(void *ptr, hwaddr reg,
uint64_t val, unsigned size)
{
XHCIState *xhci = ptr;
int v = (reg - 0x20) / 0x20;
XHCIInterrupter *intr = &xhci->intr[v];
XHCIInterrupter *intr;
int v;
trace_usb_xhci_runtime_write(reg, val);
if (reg < 0x20) {
trace_usb_xhci_unimplemented("runtime write", reg);
return;
}
v = (reg - 0x20) / 0x20;
intr = &xhci->intr[v];
switch (reg & 0x1f) {
case 0x00: /* IMAN */

12
hw/usb/trace-events
View File

@ -252,6 +252,18 @@ usb_hub_attach(int addr, int nr) "dev %d, port %d"
usb_hub_detach(int addr, int nr) "dev %d, port %d"
usb_hub_status_report(int addr, int status) "dev %d, status 0x%x"
# dev-storage.c
usb_msd_reset(void) ""
usb_msd_maxlun(unsigned maxlun) "%d"
usb_msd_send_status(unsigned status, unsigned tag, size_t size) "status %d, tag 0x%x, len %zd"
usb_msd_data_in(unsigned packet, unsigned remaining, unsigned total) "%d/%d (scsi %d)"
usb_msd_data_out(unsigned packet, unsigned remaining) "%d/%d"
usb_msd_packet_async(void) ""
usb_msd_packet_complete(void) ""
usb_msd_cmd_submit(unsigned lun, unsigned tag, unsigned flags, unsigned len, unsigned data_len) "lun %u, tag 0x%x, flags 0x%08x, len %d, data-len %d"
usb_msd_cmd_complete(unsigned status, unsigned tag) "status %d, tag 0x%x"
usb_msd_cmd_cancel(unsigned tag) "tag 0x%x"
# dev-uas.c
usb_uas_reset(int addr) "dev %d"
usb_uas_command(int addr, uint16_t tag, int lun, uint32_t lun64_1, uint32_t lun64_2) "dev %d, tag 0x%x, lun %d, lun64 0x%08x-0x%08x"