Commit Graph

491 Commits

Author SHA1 Message Date
Gerd Hoffmann
818d59dc17 usb-host: don't dereference invalid iovecs
usb-host assumes the first iovec element is always valid.
In case of a zero-length packet this isn't true though.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Gerd Hoffmann
6d7aeeeb89 usb-storage: fix request canceling
Little fix for usb packet handling on i/o cancelation.  The
usb packet pointer (s->packet) is cleared at the wrong place:
The scsi request cancel handler does it.  When a usb packet
is canceled the usb-storage emulation canceles the scsi request
if present.  In most cases there is one, so usually s->packet
is cleared as needed even with the code sitting at the wrong
place.

If there is no scsi request in flight s->packet is not cleared
though.  The usb-storage emulation will then try to complete an
usb packet which is not in flight any more and thereby trigger
an assert() in the usb core.

Fix this by clearing s->packet at the correct place, which is
the usb packet cancel header.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Hans de Goede
8a771f77e2 usb-ehci: Ensure frindex writes leave a valid frindex value
frindex is a 14 bits counter, so bits 31-14 should always be 0, and
after the commit titled "usb-ehci: frindex always is a 14 bits counter"
we rely on frindex always being a multiple of 8. I've not seen this in
practice, but theoretically a guest can write a value >= 0x4000 or a value
which is not a multiple of 8 value to frindex, this patch ensures that
things will still work when that happens.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann
0cc6a0f19e usb-ehci: add missing usb_packet_init() call
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann
e59a8cf1eb usb-ehci: remove hack
To answer the question in the comment removed by this patch:  I think
this was needed because several places in the ehci emulation did not
check the T bit of link entries correctly and thus might have followed
invalid references.  See commit 2a5ff735dc

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann
c7020c9740 usb-ehci: drop assert()
Not sure what the purpose of the assert() was, in any case it is bogous.
We can arrive there if transfer descriptors passed to us from the guest
failed to pass sanity checks, i.e. it is guest-triggerable.  We deal
with that case by resetting the host controller.  Everything is ok, no
need to throw a core dump here.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:29 +02:00
Hans de Goede
714f9db06c usb-redir: Notify our peer when we reject a device due to a speed mismatch
Also cleanup (reset) our device state when we reject a device due to a
speed mismatch.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede
8e24283b26 usb-ehci: Drop unused sofv value
The sofv value only ever gets a value assigned and is never used (read)
anywhere, so we can just drop it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
96dd9aac37 usb-host: rewrite usb_linux_update_endp_table
This patch carries a complete rewrite of the usb descriptor parser.
Changes / improvements:

 * We are using the USBDescriptor struct instead of hard-coded offsets
   now to access descriptor data.
 * (debug) printfs are all gone, tracepoints have been added instead.
 * We don't try (and fail) to skip over unneeded descriptors.  We parse
   them all one by one.  We keep track of which configuration, interface
   and altsetting we are looking at and use this information to figure
   which desciptors are in use and which we can ignore.
 * On parse errors we clear all endpoint information, which will
   disallow any communication with the device, except control endpoint
   messages.  This makes sure we don't end up with a silly device state
   where half of the endpoints got enabled and the other half was left
   disabled.
 * Some sanity checks have been added.

The new parser is more robust and also leaves complete device
information in the trace log if you enable the ush_host_parse_*
tracepoints.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
e36a20d329 usb: use USBDescriptor for endpoint descriptors.
Add endpoint descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
feafd797ee usb: use USBDescriptor for interface descriptors.
Add interface descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
0a263db17a usb: use USBDescriptor for config descriptors.
Add config descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
3cfeee6177 usb: use USBDescriptor for device qualifier descriptors.
Add device qualifier substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
d3f904ea7b usb: add USBDescriptor, use for device descriptors.
This patch adds a new type for the binary representation of usb
descriptors.  It is put into use for the descriptor generator code
where the struct replaces the hard-coded offsets.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede
58ea88d87a usb-ehci: frindex always is a 14 bits counter
frindex always is a 14 bits counter, and not a 13 bits one as we were
emulating. There are some subtle hints to this in the spec, first of all
"Table 2-12. FRINDEX - Frame Index Register" says:
"Bit 13:0 Frame Index. The value in this register increments at the end of
each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List
current index. This means that each location of the frame list is accessed
8 times (frames or micro-frames) before moving to the next index. The
following illustrates values of N based on the value of the Frame List
Size field in the USBCMD register.

USBCMD[Frame List Size]	Number Elements		 N
00b				1024		12
01b				 512		11
10b				 256		10
11b			    Reserved"

Notice how the text talks about "Bits [N:3]" are used ..., it does
NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0,
or in otherwords that it is a 13 bits counter (bits 0 - 12).

The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions":

"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one
when the Frame List Index (see Section 2.3.4) rolls over from its maximum value
to zero. The exact value at which the rollover occurs depends on the frame
list size. For example, if the frame list size (as programmed in the Frame
List Size field of the USBCMD register) is 1024, the Frame Index Register
rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512,
the Host Controller sets this bit to a one every time FRINDEX[12] toggles."

Notice how this text talks about setting bit 3 when bit 13 of frindex toggles
(when there are 1024 entries, so our case), so this indicates that frindex
has a bit 13 making it a 14 bit counter.

Besides these clear hints the real proof is in the pudding. Before this
patch I could not stream data from a USB2 webcam under Windows XP, after
this cam using a USB2 webcam under Windows XP works fine, and no regressions
with other operating systems were seen.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
088351a7e5 usb-ehci: fix ehci_child_detach
Looks like a cut+paste bug from ehci_detach.  When the device itself is
detached from a ehci port (ehci_detach op) we have to clear the
device pointer for the companion port too.  When a device gets removed
from a downstream port of a usb hub (ehci_child_detach op) the ehci port
where the usb hub is plugged in is not affected.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
529f8f9fa9 usb-hub: add tracepoints
Add tracepoints to the usb hub emulation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
f5bf14bf39 usb_packet_set_state: handle p->ep == NULL
usb_packet_set_state can be called with p->ep = NULL.  The tracepoint
there tries to log endpoint information, which leads to a segfault.
This patch makes usb_packet_set_state handle the NULL pointer properly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
39c2057700 usb-host: add property to turn off pipelining
Add a property to usb-host to disable the bulk endpoint pipelining.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
19b89252a3 usb-host: add usb packet to request tracepoints
Add pointer to USBPacket to all tracepoints tracking requests to make it
easier to identify them when multiple requests are in flight.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
6aebe40796 usb-host: trace canceled requests
Add tracepoints to track canceled requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
e382e751ef usb-host: trace emulated requests
Add tracepoint to track completion of emulated control requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
65bb3a5c11 Add bootindex support to usb-host and usb-redir
When passing through a usb pendrive seabios will present it in the F12
boot menu and will happily boot from it.

This patch adds bootorder support so you can even make it the default
boot device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
ee008ba626 usb-uhci: queuing fix
When we queue up usb packets we may happen to find a already queued
packet, which also might be finished at that point already.  We don't
want continue processing the packet at this point though, so lets
just signal back we've found a in-flight packet when in queuing mode.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
52b0fecdba usb-uhci: stop queue filling when we find a in-flight td
Not only QHs can form rings, but TDs too.  With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles.  An assert() prevents us from
entering an endless loop then.

Fix is easy:  Just stop queuing when we figure the TD we are
about to queue up is in flight already.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
eeb0cf9abf usb/vmstate: add parent dev path
... to make vmstate id string truely unique with multiple host
controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr"
(usb tabled connected to piix3 uhci).

This obviously breaks migration.  To handle this the usb bus
property "full-path" is added.  When setting this to false old
behavior is maintained.  This way current qemu will be compatible
with old versions when started using '-M pc-$oldversion'.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:21 +02:00
Luiz Capitulino
56f9107e43 qdev: qdev_unplug(): use error_set()
It currently uses qerror_report(), but next commit will convert
the drive_del command to the QAPI and this requires using
error_set().

One particularity of qerror_report() is that it knows when it's
running on monitor context or command-line context and prints the
error message accordingly. error_set() doesn't do this, so we
have to be careful not to drop error messages.

qdev_unplug() has three kinds of usages:

 1. It's called when hot adding a device fails, to undo anything
    that has been done before hitting the error

 2. It's called by function monitor functions like device_del(),
    to unplug a device

 3. It's used by xen_platform.c in a way that doesn't _seem_ to
    be in monitor context

Only item 2 can print an error message to the user, this commit
maintains that.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-04-09 14:35:25 -03:00
Benjamin Herrenschmidt
e2854bf323 Endian fix an assertion in usb-msd
This fixes a broken endian assumption in an assertion in usb-msd.

Cc: Gerd Hoffman <kraxel@redhat.com>

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:52:25 +01:00
Gerd Hoffmann
6c60134091 uhci: alloc can't fail, drop check.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
4efe4ef3b8 uhci: new uhci_handle_td return code for tds still in flight
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
0cd178ca2c uhci: renumber uhci_handle_td return codes
Step #2 (separate for better bisectability): renumber so the silly '-1'
goes away.  Pick a range which doesn't overlap the old values.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
60e1b2a6dd uhci: use enum for uhci_handle_td return codes
Step #1 (separate for better bisectability): replace numbers with names.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
50dcc0f85d uhci: tracing support
Zap DPRINTF, add tracepoints instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
d9a528db7f uhci: cancel on schedule stop.
Cancel any in-flight transaction when the guest stops the uhci schedule.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
60f8afcb5d uhci: fix uhci_async_cancel_all
It should also free all queues.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
16ce543ed1 uhci: pass addr to uhci_async_alloc
Also do async->td initialization in uhci_async_alloc now.
Prepares for adding tracepoints.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
5ac2731cf8 usb: improve packet state sanity checks
Add a new function to check whenever the packet state is as expected,
log more informations in case it isn't.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Wei Yang
86e18cae20 usb-ohci: DMA writeback bug fixes
This patch fixes two bugs in the OHCI device where the device writes
back data to system memory that should be exclusively under the
control of the guest side driver.

In OHCI specification Section 5.2.7, it mentioned "In all cases, Host
Controller Driver is responsible for the insertion and removal of all
Endpoint Descriptors in the various Host Controller Endpoint
Descriptor lists".  In the ohci_frame_boundary(), ohci_put_hcca()
writes the entire hcca back including the interrupt ED lists which
should be under driver control. This violates the specification and
can race with a host driver updating that list at the same time.

In the OHCI Spec Section 4.6, Transfer Descriptor Queue Processing, it
mentioned "Since the TD pointed to by TailP is not accessed by the HC,
the Host Controller Driver can initialize that TD and link at least
one other to it without creating a coherency or synchronization
problem".  While the function ohci_put_ed() writes the entire endpoint
descriptor back including the TailP which should under driver
control. This violate the specification and can race with a host
driver updating the TD list at the same time.

In each case the solution is to make sure we don't write data which is
under driver control.

Cc: Gerd Hoffman <kraxel@redhat.com>

Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Hans de Goede
fcb70eca3f usb-ehci: drop unused isoch_pause variable
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
afb9a60ecb usb: zap hw/ush-{ohic,uhci}.h + init wrappers
Remove the uhci and ohci init wrappers, which all wrapped a
pci_create_simple() one-liner.  Switch callsites to call
pci_create_simple directly.  Remove the header files where
the wrappers where declared.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann
f1ae32a1ec usb: the big rename
Reorganize usb source files.  Create a new hw/usb/ directory and move
all usb source code to that place.  Also make filenames a bit more
descriptive.  Host adapters are prefixed with "hch-" now, usb device
emulations are prefixed with "dev-".  Fixup paths Makefile and include
paths to make it compile.  No code changes.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00