aboutsummaryrefslogtreecommitdiff
path: root/hw/usb/bus.c
AgeCommit message (Collapse)Author
2014-05-05usb: sanity check setup_index+setup_len in post_loadMichael S. Tsirkin
CVE-2013-4541 s->setup_len and s->setup_index are fed into usb_packet_copy as size/offset into s->data_buf, it's possible for invalid state to exploit this to load arbitrary data. setup_len and setup_index should be checked to make sure they are not negative. Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-01-16usb: add support for microsoft os descriptorsGerd Hoffmann
This patch adds support for special usb descriptors used by microsoft windows. They allow more fine-grained control over driver binding and adding entries to the registry for configuration. As this is a guest-visible change the "msos-desc" compat property has been added to turn this off for 1.7 + older Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-11-26usb: Add usb_device_alloc/free_streamsHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-11-05qdev: Drop misleading qdev_free() functionStefan Hajnoczi
The qdev_free() function name is misleading since all the function does is unlink the device from its parent. The device is not necessarily freed. The device will be freed when its QObject refcount reaches zero. It is usual for the parent (bus) to hold the final reference but there are cases where something else holds a reference so "free" is a misleading name. Call object_unparent(obj) directly instead of having a qdev wrapper function. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-09-10usb: sanity check setup_index+setup_len in post_loadGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-08-30qdev: Pass size to qbus_create_inplace()Andreas Färber
To be passed to object_initialize(). Since commit 39355c3826f5d9a2eb1ce3dc9b4cdd68893769d6 the argument is void*, so drop some superfluous (BusState *) casts or direct parent field usages. Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-08-30usb: Pass size to usb_bus_new()Andreas Färber
To be passed to qbus_create_inplace(). Use DEVICE() cast to avoid a direct parent field access. Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-06-24usb: add serial bus propertyGerd Hoffmann
This patch adds a serial property for all usb devices, which can be used to set the serial number of a usb device (as listed by lsusb -v) to a specific value. Applies to emulated devices only. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-23usb: better speed mismatch error reportingGerd Hoffmann
Report the supported speeds for device and port in the error message. Also add the speeds to the tracepoint. And while being at it drop the redundant error message in usb_desc_attach, usb_device_attach will report the error anyway. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-03usb-hub: limit chain lengthGerd Hoffmann
USB supports up to 5 hubs chained. Catch attempts to chain more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-01-17HMP: add QDict to info callback handlerWenchao Xia
This patch change all info call back function to take additional QDict * parameter, which allow those command take parameter. Now it is set to NULL at default case. Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2013-01-10Make all static TypeInfos constAndreas Färber
Since 39bffca2030950ef6efe57c2fac8327a45ae1015 (qdev: register all types natively through QEMU Object Model), TypeInfo as used in the common, non-iterative pattern is no longer amended with information and should therefore be const. Fix the documented QOM examples: sed -i 's/static TypeInfo/static const TypeInfo/g' include/qom/object.h Since frequently the wrong examples are being copied by contributors of new devices, fix all types in the tree: sed -i 's/^static TypeInfo/static const TypeInfo/g' */*.c sed -i 's/^static TypeInfo/static const TypeInfo/g' */*/*.c This also avoids to piggy-back these changes onto real functional changes or other refactorings. Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-01-07usb: Add an usb_device_ep_stopped USBDevice methodHans de Goede
Some usb devices (host or network redirection) can benefit from knowing when the guest stops using an endpoint. Redirection may involve submitting packets independently from the guest (in combination with a fifo buffer between the redirection code and the guest), to ensure that buffers of the real usb device are timely emptied. This is done for example for isoc traffic and for interrupt input endpoints. But when the (re)submission of packets is done by the device code, then how does it know when to stop this? For isoc endpoints this is handled by detecting a set interface (change alt setting) command, which works well for isoc endpoints. But for interrupt endpoints currently the redirection code never stops receiving data from the device, which is less then ideal. However the controller emulation is aware when a guest looses interest, as then the qh for the endpoint gets unlinked (ehci, ohci, uhci) or the endpoint is explicitly stopped (xhci). This patch adds a new ep_stopped USBDevice method and modifies the hcd code to call this on queue unlink / ep stop. This makes it possible for the redirection code to properly stop receiving interrupt input (*) data when the guest no longer has interest in it. *) And in the future also buffered bulk input. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-19softmmu: move include files to include/sysemu/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19monitor: move include files to include/monitor/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-04usb: Allow overriding of usb_desc at the device levelHans de Goede
This allows devices to present a different set of descriptors based on device properties. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-29usb: fail usbdevice_create() when there is no USB busStefan Hajnoczi
Report an error instead of segfaulting when attaching a USB device to a machine with no USB busses: $ qemu-system-arm -machine vexpress-a9 \ -sd Fedora-17-armhfp-vexpress-mmcblk0.img \ -kernel vmlinuz-3.4.2-3.fc17.armv7hl \ -initrd initramfs-3.4.2-3.fc17.armv7hl.img \ -usbdevice disk:format=raw:test.img Note that the vexpress-a9 machine does not have a USB host controller. Reported-by: David Abdurachmanov <David.Abdurachmanov@cern.ch> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08usb: split packet result into actual_length + statusHans de Goede
Since with the ehci and xhci controllers a single packet can be larger then maxpacketsize, it is possible for the result of a single packet to be both having transferred some data as well as the transfer to have an error. An example would be an input transfer from a bulk endpoint successfully receiving 1 or more maxpacketsize packets from the device, followed by a packet signalling halt. While already touching all the devices and controllers handle_packet / handle_data / handle_control code, also change the return type of these functions to void, solely storing the status in the packet. To make the code paths for regular versus async packet handling more uniform. This patch unfortunately is somewhat invasive, since makeing the qemu usb core deal with this requires changes everywhere. This patch only prepares the usb core for this, all the hcd / device changes are done in such a way that there are no functional changes. This patch has been tested with uhci and ehci hcds, together with usb-audio, usb-hid and usb-storage devices, as well as with usb-redir redirection with a wide variety of real devices. Note that there is usually no need to directly set packet->actual_length form devices handle_data callback, as that is done by usb_packet_copy() Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25usb: Add USB_RET_ADD_TO_QUEUE packet result codeHans de Goede
This can be used by usb-device code which wishes to process an entire endpoint queue at once, to do this the usb-device code returns USB_RET_ADD_TO_QUEUE from its handle_data class method and defines a flush_ep_queue class method to call when the hcd is done queuing up packets. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-20usb: restore USBDevice->attached on vmloadGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-18qdev: Convert busses to QEMU Object ModelAnthony Liguori
This is far less interesting than it sounds. We simply add an Object to each BusState and then register the types appropriately. Most of the interesting refactoring will follow in the next patches. Since we're changing fundamental type names (BusInfo -> BusClass), it all needs to convert at once. Fortunately, not a lot of code is affected. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> [AF: Made all new bus TypeInfos static const.] [AF: Made qbus_free() call object_delete(), required {qom,glib}_allocated] Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18qdev: Use wrapper for qdev_get_pathAnthony Liguori
This makes it easier to remove it from BusInfo. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> [AF: Drop now unnecessary NULL initialization in scsibus_get_dev_path()] Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18qdev: Move bus properties to abstract superclassesPaolo Bonzini
In qdev, each bus in practice identified an abstract superclass, but this was mostly hidden. In QOM, instead, these abstract classes are explicit so we can move bus properties there. All bus property walks are removed, and all device property walks are changed to look along the class hierarchy instead. We would have duplicates if class A defines some properties and its subclass B does not define any, because class_b->props will be left equal to class_a->props. The solution here is to reintroduce the class_base_init TypeInfo callback, that was present in one of the early QOM versions but removed (on my request...) before committing. This breaks global bus properties, an obscure feature when used with the command-line which is actually useful and used when used by backwards-compatible machine types. So this patch also adjusts the global bus properties in hw/pc_piix.c to refer to the abstract class. Globals and other properties must be modified in the same patch to avoid complications related to initialization ordering. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18qdev: Move bus properties to a separate globalPaolo Bonzini
Simple code movement in order to simplify future refactoring. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-17usb/vmstate: add parent dev pathGerd Hoffmann
... to make vmstate id string truely unique with multiple host controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr" (usb tabled connected to piix3 uhci). This obviously breaks migration. To handle this the usb bus property "full-path" is added. When setting this to false old behavior is maintained. This way current qemu will be compatible with old versions when started using '-M pc-$oldversion'. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13usb: the big renameGerd Hoffmann
Reorganize usb source files. Create a new hw/usb/ directory and move all usb source code to that place. Also make filenames a bit more descriptive. Host adapters are prefixed with "hch-" now, usb device emulations are prefixed with "dev-". Fixup paths Makefile and include paths to make it compile. No code changes. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>