From f032cfab6158e981a6ea0c369c5366e654e668a6 Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Sat, 18 Oct 2014 22:12:47 -0400 Subject: [PATCH 1/5] libcacard: introduce new vcard_emul_logout vcard_emul_reset currently only logs NSS out, but there is a TODO for potentially sending insertion/removal events when powering down or powering up. For clarity, this commit moves the current guts of vcard_emul_reset to a new vcard_emul_logout function which will never send insertion/removal events. The vcard_emul_reset function now just calls vcard_emul_logout, but also retains its TODO for watching power state transitions and sending insertion/removal events. Signed-off-by: Ray Strode Reviewed-By: Robert Relyea Reviewed-By: Alon Levy Signed-off-by: Gerd Hoffmann --- libcacard/vcard_emul.h | 1 + libcacard/vcard_emul_nss.c | 18 +++++++++++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/libcacard/vcard_emul.h b/libcacard/vcard_emul.h index 963563f86d..f09ee98dc8 100644 --- a/libcacard/vcard_emul.h +++ b/libcacard/vcard_emul.h @@ -40,6 +40,7 @@ int vcard_emul_get_login_count(VCard *card); /* login into the card, return the 7816 status word (sw2 || sw1) */ vcard_7816_status_t vcard_emul_login(VCard *card, unsigned char *pin, int pin_len); +void vcard_emul_logout(VCard *card); /* * key functions diff --git a/libcacard/vcard_emul_nss.c b/libcacard/vcard_emul_nss.c index 07b446481e..950edee069 100644 --- a/libcacard/vcard_emul_nss.c +++ b/libcacard/vcard_emul_nss.c @@ -401,7 +401,7 @@ vcard_emul_login(VCard *card, unsigned char *pin, int pin_len) } void -vcard_emul_reset(VCard *card, VCardPower power) +vcard_emul_logout(VCard *card) { PK11SlotInfo *slot; @@ -409,15 +409,23 @@ vcard_emul_reset(VCard *card, VCardPower power) return; } + slot = vcard_emul_card_get_slot(card); + if (PK11_IsLoggedIn(slot, NULL)) { + PK11_Logout(slot); /* NOTE: ignoring SECStatus return value */ + } +} + +void +vcard_emul_reset(VCard *card, VCardPower power) +{ /* * if we reset the card (either power on or power off), we lose our login * state */ - /* TODO: we may also need to send insertion/removal events? */ - slot = vcard_emul_card_get_slot(card); - PK11_Logout(slot); /* NOTE: ignoring SECStatus return value */ -} + vcard_emul_logout(card); + /* TODO: we may also need to send insertion/removal events? */ +} static VReader * vcard_emul_find_vreader_from_slot(PK11SlotInfo *slot) From 1223bc4cee3fcdbcb1f6a3ff4ff7a3ab1d875b8a Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Sat, 18 Oct 2014 22:12:48 -0400 Subject: [PATCH 2/5] libcacard: Lock NSS cert db when selecting an applet on an emulated card When a process in a guest uses an emulated smartcard, libcacard running on the host passes the PIN from the guest to the PK11_Authenticate NSS function. The first time PK11_Authenticate is called the passed in PIN is used to unlock the certificate database. Subsequent calls to PK11_Authenticate will transparently succeed, regardless of the passed in PIN. This is a convenience for applications provided by NSS. Of course, the guest may have many applications using the one emulated smart card all driven from the same host QEMU process. That means if a user enters the right PIN in one program in the guest, and then enters the wrong PIN in another program in the guest, the wrong PIN will still successfully unlock the virtual smartcard. This commit forces the NSS certificate database to be locked anytime an applet is selected on an emulated smartcard by calling vcard_emul_logout. Signed-off-by: Ray Strode Reviewed-By: Robert Relyea Reviewed-By: Alon Levy Signed-off-by: Gerd Hoffmann --- libcacard/vcard.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libcacard/vcard.c b/libcacard/vcard.c index 87ad5166a8..d140a8ed1a 100644 --- a/libcacard/vcard.c +++ b/libcacard/vcard.c @@ -250,6 +250,11 @@ void vcard_select_applet(VCard *card, int channel, VCardApplet *applet) { assert(channel < MAX_CHANNEL); + + /* If using an emulated card, make sure to log out of any already logged in + * session. */ + vcard_emul_logout(card); + card->current_applet[channel] = applet; /* reset the applet */ if (applet && applet->reset_applet) { From 81b49e8f892a977f3821f3416ea51aa641d63ac4 Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Sat, 18 Oct 2014 22:12:49 -0400 Subject: [PATCH 3/5] libcacard: don't free sign buffer while sign op is pending commit 57f97834efe0c208ffadc9d2959f3d3d55580e52 cleaned up the cac_applet_pki_process_apdu function to have a single exit point. Unfortunately, that commit introduced a bug where the sign buffer can get free'd and nullified while it's still being used. This commit corrects the bug by introducing a boolean to track whether or not the sign buffer should be freed in the function exit path. Signed-off-by: Ray Strode Reviewed-by: Alon Levy Signed-off-by: Gerd Hoffmann --- libcacard/cac.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libcacard/cac.c b/libcacard/cac.c index ae8c3784b9..f38fdceddd 100644 --- a/libcacard/cac.c +++ b/libcacard/cac.c @@ -115,6 +115,7 @@ cac_applet_pki_process_apdu(VCard *card, VCardAPDU *apdu, VCardAppletPrivate *applet_private; int size, next; unsigned char *sign_buffer; + bool retain_sign_buffer = FALSE; vcard_7816_status_t status; VCardStatus ret = VCARD_FAIL; @@ -178,6 +179,7 @@ cac_applet_pki_process_apdu(VCard *card, VCardAPDU *apdu, pki_applet->sign_buffer = sign_buffer; pki_applet->sign_buffer_len = size; *response = vcard_make_response(VCARD7816_STATUS_SUCCESS); + retain_sign_buffer = TRUE; break; case 0x00: /* we now have the whole buffer, do the operation, result will be @@ -200,9 +202,11 @@ cac_applet_pki_process_apdu(VCard *card, VCardAPDU *apdu, VCARD7816_STATUS_ERROR_P1_P2_INCORRECT); break; } - g_free(sign_buffer); - pki_applet->sign_buffer = NULL; - pki_applet->sign_buffer_len = 0; + if (!retain_sign_buffer) { + g_free(sign_buffer); + pki_applet->sign_buffer = NULL; + pki_applet->sign_buffer_len = 0; + } ret = VCARD_DONE; break; case CAC_READ_BUFFER: From 2aa6bfcb663c43775600a95719ef0c6b849188d0 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 21 Oct 2014 12:29:33 +0200 Subject: [PATCH 4/5] xhci: add property to turn on/off streams support streams support in usb-redir and usb-host works only with recent enough versions of the support libraries (libusbredir and libusbx). Failure mode is rather unelegant: Any stream usb transfers will throw stall errors. Turning off support for streams in the xhci host controller will work better as the guest can figure beforehand that streams are not going to work. Signed-off-by: Gerd Hoffmann Reviewed-by: Hans de Goede --- hw/usb/hcd-xhci.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index a27c9d37fa..2930b72c1d 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -459,6 +459,7 @@ struct XHCIState { uint32_t numintrs; uint32_t numslots; uint32_t flags; + uint32_t max_pstreams_mask; /* Operational Registers */ uint32_t usbcmd; @@ -500,6 +501,7 @@ enum xhci_flags { XHCI_FLAG_USE_MSI_X, XHCI_FLAG_SS_FIRST, XHCI_FLAG_FORCE_PCIE_ENDCAP, + XHCI_FLAG_ENABLE_STREAMS, }; static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, @@ -1384,7 +1386,7 @@ static void xhci_init_epctx(XHCIEPContext *epctx, epctx->pctx = pctx; epctx->max_psize = ctx[1]>>16; epctx->max_psize *= 1+((ctx[1]>>8)&0xff); - epctx->max_pstreams = (ctx[0] >> 10) & 0xf; + epctx->max_pstreams = (ctx[0] >> 10) & epctx->xhci->max_pstreams_mask; epctx->lsa = (ctx[0] >> 15) & 1; if (epctx->max_pstreams) { xhci_alloc_streams(epctx, dequeue); @@ -2956,9 +2958,9 @@ static uint64_t xhci_cap_read(void *ptr, hwaddr reg, unsigned size) break; case 0x10: /* HCCPARAMS */ if (sizeof(dma_addr_t) == 4) { - ret = 0x00087000; + ret = 0x00080000 | (xhci->max_pstreams_mask << 12); } else { - ret = 0x00087001; + ret = 0x00080001 | (xhci->max_pstreams_mask << 12); } break; case 0x14: /* DBOFF */ @@ -3590,6 +3592,11 @@ static int usb_xhci_initfn(struct PCIDevice *dev) if (xhci->numslots < 1) { xhci->numslots = 1; } + if (xhci_get_flag(xhci, XHCI_FLAG_ENABLE_STREAMS)) { + xhci->max_pstreams_mask = 7; /* == 256 primary streams */ + } else { + xhci->max_pstreams_mask = 0; + } xhci->mfwrap_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, xhci_mfwrap_timer, xhci); @@ -3853,6 +3860,8 @@ static Property xhci_properties[] = { XHCIState, flags, XHCI_FLAG_SS_FIRST, true), DEFINE_PROP_BIT("force-pcie-endcap", XHCIState, flags, XHCI_FLAG_FORCE_PCIE_ENDCAP, false), + DEFINE_PROP_BIT("streams", XHCIState, flags, + XHCI_FLAG_ENABLE_STREAMS, true), DEFINE_PROP_UINT32("intrs", XHCIState, numintrs, MAXINTRS), DEFINE_PROP_UINT32("slots", XHCIState, numslots, MAXSLOTS), DEFINE_PROP_UINT32("p2", XHCIState, numports_2, 4), From a65e4ef90f0fb437b8e74e250a6f94aa4ecfa25c Mon Sep 17 00:00:00 2001 From: Gonglei Date: Mon, 27 Oct 2014 18:20:17 +0800 Subject: [PATCH 5/5] uhci: remove useless DEBUG commit 50dcc0f8 (uhci: tracing support) had removed DPRINTF, the DEBUG marco is useless now, remove it. Signed-off-by: Gonglei Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-uhci.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c index 5b88f3070f..4a4215d332 100644 --- a/hw/usb/hcd-uhci.c +++ b/hw/usb/hcd-uhci.c @@ -35,9 +35,6 @@ #include "trace.h" #include "qemu/main-loop.h" -//#define DEBUG -//#define DEBUG_DUMP_DATA - #define FRAME_TIMER_FREQ 1000 #define FRAME_MAX_LOOPS 256