Commit Graph

79869 Commits

Author SHA1 Message Date
Richard Henderson
372122e3e7 target/microblaze: Convert to translator_loop
Finish the conversion to the generic translator_loop.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
d4705ae084 target/microblaze: Convert to DisasContextBase
Part one of conversion to the generic translator_loop is to
use the DisasContextBase and the members therein.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
0b46fa0821 target/microblaze: Check singlestep_enabled in gen_goto_tb
Do not use goto_tb if we're single-stepping.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
a2b80dbd96 target/microblaze: Use DISAS_NORETURN
Both exceptions and gen_goto_tb do not return.  Use the
official DISAS_NORETURN enumerator for this case.
This eliminates all use of DISAS_TB_JUMP.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
1074c0fb91 target/microblaze: Split out MSR[C] to its own variable
Having the MSR[C] bit separate will improve arithmetic that operates
on the carry bit.  Having mb_cpu_read_msr() populate MSR[CC] will
prevent the carry copy not matching the carry bit.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
480d29a8fa target/microblaze: Tidy mb_tcg_init
All of the tcg globals can be recorded in the same table.
Drop the "r" prefix from "rpc" and "rmsr".  Obviates the
need for regnames[], which was incorrectly not const.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
9b1585589d target/microblaze: Rename env_* tcg variables to cpu_*
This is cpu_imm, cpu_btaken, cpu_iflags, cpu_res_addr and cpu_res_val.
It is standard for these file-scope globals to begin with cpu_*.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
eb2022b7d0 target/microblaze: Remove helper_debug and env->debug
This is not used, and seems redundant with -d cpu.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
41060b74bf target/microblaze: Mark raise_exception as noreturn
This will allow tcg to remove any dead code that might
follow an exception.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
41ba37c477 target/microblaze: Tidy raising of exceptions
Split out gen_raise_exception which does no cpu state sync.
Rename t_gen_raise_exception to gen_raise_exception_sync to
emphasize that it does a sync.  Create gen_raise_hw_excp to
simplify code raising EXCP_HW_EXCP.

Since there is now only one use of cpu_esr, perform a store
instead and remove the TCG variable.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
dbdb77c4df target/microblaze: Remove cpu_ear
Since cpu_ear is only used during MSR and MTR instructions,
we can just as easily use an explicit load and store, so
eliminate the variable.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
39db007eda target/microblaze: Fix width of EDR
The exception data register is only 32-bits wide.  Do not use a
64-bit type to represent it.  Since cpu_edr is only used during
MSR and MTR instructions, we can just as easily use an explicit
load and store, so eliminate the variable.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
ccf628b793 target/microblaze: Fix width of BTR
The branch target register is only 32-bits wide.  Do not use a
64-bit type to represent it.  Since cpu_btr is only used during
MSR and MTR instructions, we can just as easily use an explicit
load and store, so eliminate the variable.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
86017ccfbd target/microblaze: Fix width of FSR
The exception status register is only 32-bits wide.  Do not use a
64-bit type to represent it.  Since cpu_fsr is only used during
MSR and MTR instructions, we can just as easily use an explicit
load and store, so eliminate the variable.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
6efd55995a target/microblaze: Fix width of ESR
The exception status register is only 32-bits wide.
Do not use a 64-bit type to represent it.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
3e0e16ae1e target/microblaze: Fix width of MSR
The machine status register is only 32-bits wide.
Do not use a 64-bit type to represent it.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
0f96e96bd5 target/microblaze: Fix width of PC and BTARGET
The program counter is only 32-bits wide.  Do not use a 64-bit
type to represent it.  Since they are so closely related, fix
btarget at the same time.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
aa28e6d4c7 target/microblaze: Split the cpu_SR array
Similar to splitting the sregs array, this will allow further
fixes and cleanups.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
af20a93acb target/microblaze: Split out EDR from env->sregs
Finish eliminating the sregs array in favor of individual members.
Does not correct the width of EDR, yet.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
6fbf78f24a target/microblaze: Split out BTR from env->sregs
Continue eliminating the sregs array in favor of individual members.
Does not correct the width of BTR, yet.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
5a8e01366c target/microblaze: Split out FSR from env->sregs
Continue eliminating the sregs array in favor of individual members.
Does not correct the width of FSR, yet.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
78e9caf2f9 target/microblaze: Split out ESR from env->sregs
Continue eliminating the sregs array in favor of individual members.
Does not correct the width of ESR, yet.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
b2e80a3c19 target/microblaze: Split out EAR from env->sregs
Continue eliminating the sregs array in favor of individual members.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
2e5282caa8 target/microblaze: Split out MSR from env->sregs
Continue eliminating the sregs array in favor of individual members.
Does not correct the width of MSR, yet.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
76e8187d00 target/microblaze: Split out PC from env->sregs
Begin eliminating the sregs array in favor of individual members.
Does not correct the width of pc, yet.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
8a42ddf013 target/microblaze: Tidy gdbstub
Use an enumeration for the gdb register mapping.  Use one
switch statement for the entire dispatch.  Drop sreg_map
and simply enumerate those cases explicitly.  Force r0 to
have value 0 and ignore writes.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
853c93ed0d tests/tcg: Do not require FE_* exception bits
Define anything that is missing as 0, so that flags & FE_FOO
is false for any missing FOO.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
4c71dc37fb tests/tcg: Do not require FE_TOWARDZERO
This is optional in ISO C, and not all cpus provide it.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Richard Henderson
cdc05fb4c3 tests/tcg: Add microblaze to arches filter
Not attempting to use a single cross-compiler for both
big-endian and little-endian at this time.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01 07:41:38 -07:00
Peter Maydell
2f4c51c0f3 usb: usb_packet_map fixes for ehci and xhci.
usb: setup_len fix (CVE-2020-14364).
 usb: u2f key support (GSoC).
  * v2: 32bit build fixed.
  * v3: libu2f-emu dependency fixed.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJfTLWxAAoJEEy22O7T6HE4Y1gP/RkZim1jU2FEGTGBqgWXxjeo
 +0tMAVDLU03T08CewkqHR+gWdU/MHepIRGx6ddXwl47gdMZnA2YJxxeWjXQhIKS2
 FPO2fnKPOFMjk0V3+WwDU+LLy9o/6TiiqoaHYROPpJOxRGJ3pbQbstHRa0pwiWus
 5L7PQAinOfpjM2+nzGoTpe1mH9A8vw6GheZv/xuYhaxMJ7prveJoU0zYaCfdw3Is
 dpUjkWbVv4sOwEfLtzZEpAzU2Yp9XS7/3/KDDbpFKRrqsbpvxpsbD7u8pkllz/H5
 tjiyzVVHL9tXTHCLb7TZGvDRSYKuKANJ6i/xHQ12D2YTxzK5qmKC5clN9DyqIHYl
 sS/eppzCLjO8kUdgFOKvF0zr/XOwLXrWHQlJdSkd520XuHWh4zVh72t6M7A+tsbV
 VB9Auew/37z+TREnUYJyuGjsRCLSNsuL7rV8wujwa2H2VI+aqLqIko661jJWwXGr
 iapSXrZzEHir9rxd7daj/tffvBzmFjMLEZDhQ71mZckImQJ3ct0bZ279cKDKQKr0
 xweNbRG9zXeYwyyhSxEOSwh+h0hSoBfzjrs2v3bk05PgoyN00Ro+76fthE28rwnF
 xQY9OXh4Yc9JabsuPW3Bc8aengZyQGyxI8HLybBEzHY3IZWZcERO1gnCrcUhvQz3
 SNnJG7sb+bZh5/BNEJbr
 =uVNh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20200831-pull-request' into staging

usb: usb_packet_map fixes for ehci and xhci.
usb: setup_len fix (CVE-2020-14364).
usb: u2f key support (GSoC).
 * v2: 32bit build fixed.
 * v3: libu2f-emu dependency fixed.

# gpg: Signature made Mon 31 Aug 2020 09:32:49 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20200831-pull-request:
  usb: fix setup_len init (CVE-2020-14364)
  usb-host: workaround libusb bug
  hw/usb: Add U2F device autoscan to passthru mode
  hw/usb: Add U2F device check to passthru mode
  scripts: Add u2f-setup-gen script
  docs/qdev-device-use.txt: Add USB U2F key to the QDEV devices examples
  docs/system: Add U2F key to the USB devices examples
  meson: Add U2F key to meson
  hw/usb: Add U2F key emulated mode
  hw/usb: Add U2F key passthru mode
  hw/usb: Add U2F key base class implementation
  hw/usb: Add U2F key base class
  docs: Add USB U2F key device documentation
  hw/usb: Regroup USB HID protocol values
  ehci: drop pointless warn_report for guest bugs.
  hw: ehci: check return value of 'usb_packet_map'
  hw: ehci: destroy sglist in error path
  hw: xhci: check return value of 'usb_packet_map'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-31 19:39:13 +01:00
Gerd Hoffmann
b946434f26 usb: fix setup_len init (CVE-2020-14364)
Store calculated setup_len in a local variable, verify it, and only
write it to the struct (USBDevice->setup_len) in case it passed the
sanity checks.

This prevents other code (do_token_{in,out} functions specifically)
from working with invalid USBDevice->setup_len values and overrunning
the USBDevice->setup_buf[] buffer.

Fixes: CVE-2020-14364
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-id: 20200825053636.29648-1-kraxel@redhat.com
2020-08-31 08:23:39 +02:00
Gerd Hoffmann
202d69a715 usb-host: workaround libusb bug
libusb_get_device_speed() does not work for
libusb_wrap_sys_device() devices in v1.0.23.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1871090
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200824110057.32089-1-kraxel@redhat.com
2020-08-31 08:23:39 +02:00
César Belley
d7c1523f58 hw/usb: Add U2F device autoscan to passthru mode
This patch adds an autoscan to let u2f-passthru choose the first U2F
device it finds.

The autoscan is performed using libudev with an enumeration of all the
hidraw devices present on the host.

The first device which happens to be a U2F device is taken to do the
passtru.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-13-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:23:39 +02:00
César Belley
4ee40a6b98 hw/usb: Add U2F device check to passthru mode
This patchs adds a check to verify that the device passed through the
hidraw property is a U2F device.

The check is done by ensuring that the first values of the report
descriptor (USAGE PAGE and USAGE) correspond to those of a U2F device.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-12-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:23:39 +02:00
César Belley
dea01f6681 scripts: Add u2f-setup-gen script
This patch adds the script used to generate setup directories, needed
for the device u2f-emulated configuration in directory mode:

    python u2f-setup-gen.py $DIR
    qemu -usb -device u2f-emulated,dir=$DIR

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-11-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:23:39 +02:00
César Belley
c81737e537 docs/qdev-device-use.txt: Add USB U2F key to the QDEV devices examples
Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-10-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:23:39 +02:00
César Belley
15e557b716 docs/system: Add U2F key to the USB devices examples
Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-9-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:23:39 +02:00
César Belley
0a40bcb740 meson: Add U2F key to meson
Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-8-cesar.belley@lse.epita.fr

[ fixes suggested by paolo ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:23:10 +02:00
César Belley
a983b1135f hw/usb: Add U2F key emulated mode
This patch adds the U2F key emulated mode.

The emulated mode consists of completely emulating the behavior of a
U2F device through software part. Libu2f-emu is used for that.

The emulated mode is associated with a device inheriting from
u2f-key base.

To work, an emulated U2F device must have differents elements which
can be given in different ways. This is detailed in docs/u2f.txt.

The Ephemeral one is the simplest way to configure, it lets the device
generate all the elements it needs for a single use of the lifetime
of the device:

    qemu -usb -device u2f-emulated

For more information about libu2f-emu see this page:
https://github.com/MattGorko/libu2f-emu.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-7-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
César Belley
299976b050 hw/usb: Add U2F key passthru mode
This patch adds the U2F key pass-through mode.

The pass-through mode consists of passing all requests made from the
guest to the physical security key connected to the host machine and
vice versa.

In addition, the dedicated pass-through allows to have a U2F security key
shared on several guests which is not possible with a simple host device
assignment pass-through.

The pass-through mode is associated with a device inheriting from
u2f-key base.

To work, it needs the path to a U2F hidraw, obtained from the Qemu
command line, and passed by the user:

    qemu -usb -device u2f-passthru,hidraw=/dev/hidrawX

Autoscan and U2F compatibility checking features are given at the end
of the patch series.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-6-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
César Belley
bb014a810b hw/usb: Add U2F key base class implementation
This patch adds the U2F key base class implementation.

The U2F key base mainly takes care of the HID interfacing with guest.
On the one hand, it retrieves the guest U2FHID packets and transmits
them to the variant associated according to the mode: pass-through
or emulated.
On the other hand, it provides the public API used by its variants to
send U2FHID packets to the guest.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-5-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
César Belley
80e267f1d1 hw/usb: Add U2F key base class
This patch adds the specification for the U2F key base class.
Used to group the common characteristics, this device class will be
inherited by its two variants, corresponding to the two modes:
passthrough and emulated

This prepares the U2F devices hierarchy which is as follow:
USB device -> u2f-key -> {u2f-passthru, u2f-emulated}.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-4-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
César Belley
785f558b6a docs: Add USB U2F key device documentation
Add USB U2F key device documentation:
- USB U2F key device
- Building
- Using u2f-emulated
- Using u2f-passthru
- Libu2f-emu

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-3-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
César Belley
84b6c23629 hw/usb: Regroup USB HID protocol values
Group some HID values that are used pretty much everywhere when
dealing with HID devices.

Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200812094135.20550-2-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
Gerd Hoffmann
10b2d90c94 ehci: drop pointless warn_report for guest bugs.
We have a tracepoint at the same place which can be enabled if needed.

Buglink: https://bugzilla.redhat.com//show_bug.cgi?id=1859236
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200722072613.10390-1-kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
Li Qiang
2fdb42d840 hw: ehci: check return value of 'usb_packet_map'
If 'usb_packet_map' fails, we should stop to process the usb
request.

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200812161727.29412-1-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
Li Qiang
dd8525472a hw: ehci: destroy sglist in error path
This may cause resource leak.

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200812161712.29361-1-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
Li Qiang
21bc31524e hw: xhci: check return value of 'usb_packet_map'
Currently we don't check the return value of 'usb_packet_map',
this will cause an UAF issue. This is LP#1891341.
Following is the reproducer provided in:
-->https://bugs.launchpad.net/qemu/+bug/1891341

cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci \
-trace usb\* -device usb-audio -device usb-storage,drive=mydrive \
-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
-nodefaults -nographic -qtest stdio
outl 0xcf8 0x80001016
outl 0xcfc 0x3c009f0d
outl 0xcf8 0x80001004
outl 0xcfc 0xc77695e
writel 0x9f0d000000000040 0xffff3655
writeq 0x9f0d000000002000 0xff2f9e0000000000
write 0x1d 0x1 0x27
write 0x2d 0x1 0x2e
write 0x17232 0x1 0x03
write 0x17254 0x1 0x06
write 0x17278 0x1 0x34
write 0x3d 0x1 0x27
write 0x40 0x1 0x2e
write 0x41 0x1 0x72
write 0x42 0x1 0x01
write 0x4d 0x1 0x2e
write 0x4f 0x1 0x01
writeq 0x9f0d000000002000 0x5c051a0100000000
write 0x34001d 0x1 0x13
write 0x340026 0x1 0x30
write 0x340028 0x1 0x08
write 0x34002c 0x1 0xfe
write 0x34002d 0x1 0x08
write 0x340037 0x1 0x5e
write 0x34003a 0x1 0x05
write 0x34003d 0x1 0x05
write 0x34004d 0x1 0x13
writeq 0x9f0d000000002000 0xff00010100400009
EOF

This patch fixes this.

Buglink: https://bugs.launchpad.net/qemu/+bug/1891341
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Li Qiang <liq3ea@163.com>
Message-id: 20200812153139.15146-1-liq3ea@163.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-08-31 08:10:47 +02:00
Peter Maydell
4bc08c6141 * float16 comparison wrappers
* float16 conversions to/from 8-bit integers
 * bfloat16 support
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAl9LDyIdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV81cgf/TI/O39OQ2pt+zpLN
 bU6PHBOXg1MgnGJmb7N8erSFtzv9O38umidgZvq0M2WHlYyW1bWlhKqUqJOCjLy6
 ykWII3S245XrcMZmbg3D79+GAnZJstKNiyVfeexxQDg1R58ne+OixZe2Xyyiw4VF
 Z3OrqAwsfigzZtMSILzsEG3ArhmPkR0NyUxrOmdtMfb8Pbk3k4c89LSZByRKkODb
 ajBMv+70aEu1MRO21KDN1rGzybp6Kkp7DHIbkpDtpzrLrpPW0Oob9WEnb+ozI+fU
 af3EBpblEBzO8NjSKGk7ttvQ3aH/17DPom+fJPnB1dz4fVM0uTL7m3lMUMX9JgLm
 1Fy9Vg==
 =MHCo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-sf-20200829' into staging

* float16 comparison wrappers
* float16 conversions to/from 8-bit integers
* bfloat16 support

# gpg: Signature made Sun 30 Aug 2020 03:29:54 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-sf-20200829:
  softfloat: Define comparison operations for bfloat16
  softfloat: Define misc operations for bfloat16
  softfloat: Define convert operations for bfloat16
  softfloat: Define operations for bfloat16
  softfloat: Add float16_is_normal
  softfloat: Add fp16 and uint8/int8 conversion functions
  softfloat: Implement the full set of comparisons for float16

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-30 14:01:25 +01:00
Richard Henderson
c53b107933 softfloat: Define comparison operations for bfloat16
Reviewed-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-08-29 19:25:42 -07:00