aboutsummaryrefslogtreecommitdiff
path: root/hw/usb
AgeCommit message (Collapse)Author
2020-04-07hw/usb/xen-usb.c: Pass struct usbback_req* to usbback_packet_complete()Peter Maydell
The function usbback_packet_complete() currently takes a USBPacket*, which must be a pointer to the packet field within a struct usbback_req; the function uses container_of() to get the struct usbback_req* given the USBPacket*. This is unnecessarily confusing (and in particular it confuses the Coverity Scan analysis, resulting in the false positive CID 1421919 where it thinks that we write off the end of the structure). Since both callsites already have the pointer to the struct usbback_req, just pass that in directly. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> Message-Id: <20200323164318.26567-1-peter.maydell@linaro.org> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-03-17Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Bugfixes all over the place * get/set_uint cleanups (Felipe) * Lock guard support (Stefan) * MemoryRegion ownership cleanup (Philippe) * AVX512 optimization for buffer_is_zero (Robert) # gpg: Signature made Tue 17 Mar 2020 15:01:54 GMT # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (62 commits) hw/arm: Let devices own the MemoryRegion they create hw/arm: Remove unnecessary memory_region_set_readonly() on ROM alias hw/ppc/ppc405: Use memory_region_init_rom() with read-only regions hw/arm/stm32: Use memory_region_init_rom() with read-only regions hw/char: Let devices own the MemoryRegion they create hw/riscv: Let devices own the MemoryRegion they create hw/dma: Let devices own the MemoryRegion they create hw/display: Let devices own the MemoryRegion they create hw/core: Let devices own the MemoryRegion they create scripts/cocci: Patch to let devices own their MemoryRegions scripts/cocci: Patch to remove unnecessary memory_region_set_readonly() scripts/cocci: Patch to detect potential use of memory_region_init_rom hw/sparc: Use memory_region_init_rom() with read-only regions hw/sh4: Use memory_region_init_rom() with read-only regions hw/riscv: Use memory_region_init_rom() with read-only regions hw/ppc: Use memory_region_init_rom() with read-only regions hw/pci-host: Use memory_region_init_rom() with read-only regions hw/net: Use memory_region_init_rom() with read-only regions hw/m68k: Use memory_region_init_rom() with read-only regions hw/display: Use memory_region_init_rom() with read-only regions ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-17Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20200317' into staging target-arm: * hw/arm/pxa2xx: Do not wire up OHCI for PXA255 * aspeed/smc: Fix number of dummy cycles for FAST_READ_4 command * m25p80: Improve command handling for Jedec and unsupported commands * hw/net/imx_fec: write TGSR and TCSR3 in imx_enet_write() * hw/arm/fsl-imx6, imx6ul: Wire up USB controllers * hw/arm/fsl-imx6ul: Instantiate unimplemented pwm and can devices # gpg: Signature made Tue 17 Mar 2020 11:40:01 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200317: hw/arm/pxa2xx: Do not wire up OHCI for PXA255 aspeed/smc: Fix number of dummy cycles for FAST_READ_4 command m25p80: Improve command handling for unsupported commands m25p80: Improve command handling for Jedec commands m25p80: Convert to support tracing hw/net/imx_fec: write TGSR and TCSR3 in imx_enet_write() hw/arm/fsl-imx6: Wire up USB controllers hw/arm/fsl-imx6ul: Wire up USB controllers hw/arm/fsl-imx6ul: Instantiate unimplemented pwm and can devices hw/arm/fsl-imx6ul: Fix USB interrupt numbers hw/usb: Add basic i.MX USB Phy support Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-17hw/usb: Add basic i.MX USB Phy supportGuenter Roeck
Add basic USB PHY support as implemented in i.MX23, i.MX28, i.MX6, and i.MX7 SoCs. The only support really needed - at least to boot Linux - is support for soft reset, which needs to reset various registers to their initial value. Otherwise, just record register values. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Message-id: 20200313014551.12554-2-linux@roeck-us.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-17usb-serial: Fix timeout closing the deviceJason Andryuk
Linux guests wait ~30 seconds when closing the emulated /dev/ttyUSB0. During that time, the kernel driver is sending many control URBs requesting GetModemStat (5). Real hardware returns a status with FTDI_THRE (Transmitter Holding Register) and FTDI_TEMT (Transmitter Empty) set. QEMU leaves them clear, and it seems Linux is waiting for FTDI_TEMT to be set to indicate the tx queue is empty before closing. Set the bits when responding to a GetModemStat query and avoid the shutdown delay. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-id: 20200316174610.115820-5-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-03-17usb-serial: Increase receive buffer to 496Jason Andryuk
A FTDI USB adapter on an xHCI controller can send 512 byte USB packets. These are 8 * ( 2 bytes header + 62 bytes data). A 384 byte receive buffer is insufficient to fill a 512 byte packet, so bump the receive size to 496 ( 512 - 2 * 8 ). Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-id: 20200316174610.115820-4-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-03-17usb-serial: chunk data to wMaxPacketSizeJason Andryuk
usb-serial has issues with xHCI controllers where data is lost in the VM. Inspecting the URBs in the guest, EHCI starts every 64 byte boundary (wMaxPacketSize) with a header. EHCI hands packets into usb_serial_token_in() with size 64, so these cannot cross the 64 byte boundary. The xHCI controller has packets of 512 bytes and the usb-serial will just write through the 64 byte boundary. In the guest, this means data bytes are interpreted as header, so data bytes don't make it out the serial interface. Re-work usb_serial_token_in to chunk data into 64 byte units - 2 byte header and 62 bytes data. The Linux driver reads wMaxPacketSize to find the chunk size, so we match that. Real hardware was observed to pass in 512 byte URBs (496 bytes data + 8 * 2 byte headers). Since usb-serial only buffers 384 bytes of data, usb-serial will pass in 6 64 byte blocks and 1 12 byte partial block for 462 bytes max. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Message-id: 20200316174610.115820-3-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-03-17usb-serial: Move USB_TOKEN_IN into a helper functionJason Andryuk
We'll be adding a loop, so move the code into a helper function. breaks are replaced with returns. While making this change, add braces to single line if statements to comply with coding style and keep checkpatch happy. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Message-id: 20200316174610.115820-2-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-03-16hw/usb/quirks: Use smaller types to reduce .rodata by 10KiBPhilippe Mathieu-Daudé
The USB descriptor sizes are specified as 16-bit for idVendor / idProduct, and 8-bit for bInterfaceClass / bInterfaceSubClass / bInterfaceProtocol. Doing so we reduce the usbredir_raw_serial_ids[] and usbredir_ftdi_serial_ids[] arrays from 16KiB to 6KiB (size reported on x86_64 host, building with --extra-cflags=-Os). Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-03-16misc: Replace zero-length arrays with flexible array member (automatic)Philippe Mathieu-Daudé
Description copied from Linux kernel commit from Gustavo A. R. Silva (see [3]): --v-- description start --v-- The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member [1], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being unadvertenly introduced [2] to the Linux codebase from now on. --^-- description end --^-- Do the similar housekeeping in the QEMU codebase (which uses C99 since commit 7be41675f7cb). All these instances of code were found with the help of the following Coccinelle script: @@ identifier s, m, a; type t, T; @@ struct s { ... t m; - T a[0]; + T a[]; }; @@ identifier s, m, a; type t, T; @@ struct s { ... t m; - T a[0]; + T a[]; } QEMU_PACKED; [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76497732932f [3] https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?id=17642a2fbd2c1 Inspired-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-03-12hw/arm/allwinner-h3: add USB host controllerNiek Linnenbank
The Allwinner H3 System on Chip contains multiple USB 2.0 bus connections which provide software access using the Enhanced Host Controller Interface (EHCI) and Open Host Controller Interface (OHCI) interfaces. This commit adds support for both interfaces in the Allwinner H3 System on Chip. Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200311221854.30370-5-nieklinnenbank@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-10Merge remote-tracking branch 'remotes/kraxel/tags/usb-20200310-pull-request' ↵Peter Maydell
into staging usb: bugfixes for ehci & serial. # gpg: Signature made Tue 10 Mar 2020 08:23:37 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20200310-pull-request: usb/hcd-ehci: Remove redundant statements usb-serial: wakeup device on input Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-03-09usb/dev-storage: remove unused includeMaxim Levitsky
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200308092440.23564-2-mlevitsk@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-03-09hw/usb/dev-storage: Remove unused "ui/console.h" headerPhilippe Mathieu-Daudé
The USB models related to storage don't need anything from "ui/console.h". Remove it. Acked-by: John Snow <jsnow@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200228114649.12818-6-philmd@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-03-09usb/hcd-ehci: Remove redundant statementsChen Qun
The "again" assignment is meaningless before g_assert_not_reached. In addition, the break statements no longer needs to be after g_assert_not_reached. Clang static code analyzer show warning: hw/usb/hcd-ehci.c:2108:13: warning: Value stored to 'again' is never read again = -1; ^ ~~ Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200226084647.20636-13-kuhn.chenqun@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-03-09usb-serial: wakeup device on inputJason Andryuk
Currently usb-serial devices are unable to send data into guests with the xhci controller. Data is copied into the usb-serial's buffer, but it is not sent into the guest. Data coming out of the guest works properly. usb-serial devices work properly with ehci. Have usb-serial call usb_wakeup() when receiving data from the chardev. This seems to notify the xhci controller and fix inbound data flow. Also add USB_CFG_ATT_WAKEUP to the device's bmAttributes. This matches a real FTDI serial adapter's bmAttributes. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Message-id: 20200306140917.26726-1-jandryuk@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-02-28hw/usb/hcd-ehci-sysbus: Remove obsolete xlnx, ps7-usb classGuenter Roeck
Xilinx USB devices are now instantiated through TYPE_CHIPIDEA, and xlnx support in the EHCI code is no longer needed. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20200215122354.13706-3-linux@roeck-us.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-02-21hcd-ehci: Introduce "companion-enable" sysbus propertyGuenter Roeck
We'll use this property in a follow-up patch to insantiate an EHCI bus with companion support. Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com> Message-id: 20200217204812.9857-3-linux@roeck-us.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-02-21hw: usb: hcd-ohci: Move OHCISysBusState and TYPE_SYSBUS_OHCI to include fileGuenter Roeck
We need to be able to use OHCISysBusState outside hcd-ohci.c, so move it to its include file. Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com> Message-id: 20200217204812.9857-2-linux@roeck-us.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-02-12uas: fix super speed bMaxPacketSize0Gerd Hoffmann
For usb2 bMaxPacketSize0 is "n", for usb3 it is "1 << n", so it must be 9 not 64 ... rom "Universal Serial Bus 3.1 Specification": If the device is operating at Gen X speed, the bMaxPacketSize0 field shall be set to 09H indicating a 512-byte maximum packet. An Enhanced SuperSpeed device shall not support any other maximum packet sizes for the default control pipe (endpoint 0) control endpoint. We now announce a 512-byte maximum packet. Fixes: 89a453d4a5c ("uas-uas: usb3 streams") Reported-by: Benjamin David Lunt <fys@fysnet.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200117073716.31335-1-kraxel@redhat.com
2020-02-12usb-host: wait for cancel completeGerd Hoffmann
After canceling transfers call into libvirt so it can process the request, and wait for it to complete. Also cancel all pending transfers before exiting qemu. Buglink: https://bugzilla.redhat.com//show_bug.cgi?id=1749745 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20200203114108.23952-1-kraxel@redhat.com
2020-02-04hw/*/Makefile.objs: Move many .o files to common-objsThomas Huth
We have many files that apparently do not depend on the target CPU configuration, i.e. which can be put into common-obj-y instead of obj-y. This way, the code can be shared for example between qemu-system-arm and qemu-system-aarch64, or the various big and little endian variants like qemu-system-sh4 and qemu-system-sh4eb, so that we do not have to compile the code multiple times anymore. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20200130133841.10779-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-01-24qdev: set properties with device_class_set_props()Marc-André Lureau
The following patch will need to handle properties registration during class_init time. Let's use a device_class_set_props() setter. spatch --macro-file scripts/cocci-macro-file.h --sp-file ./scripts/coccinelle/qdev-set-props.cocci --keep-comments --in-place --dir . @@ typedef DeviceClass; DeviceClass *d; expression val; @@ - d->props = val + device_class_set_props(d, val) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20200110153039.1379601-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-13Merge remote-tracking branch 'remotes/kraxel/tags/usb-20200113-pull-request' ↵Peter Maydell
into staging usb: bugfixes for xhci, usb pass-through and usb redirection. # gpg: Signature made Mon 13 Jan 2020 13:06:35 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20200113-pull-request: xhci: recheck slot status xhci: Fix memory leak in xhci_kick_epctx when poweroff GuestOS usbredir: Prevent recursion in usbredir_write usb-redir: remove 'remote wakeup' flag from configuration descriptor usb-host: remove 'remote wakeup' flag from configuration descriptor Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-13xhci: recheck slot statusGerd Hoffmann
Factor out slot status check into a helper function. Add an additional check after completing transfers. This is needed in case a guest queues multiple transfers in a row and a device unplug happens while qemu processes them. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1786413 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200107083606.12393-1-kraxel@redhat.com
2020-01-13xhci: Fix memory leak in xhci_kick_epctx when poweroff GuestOSChen Qun
start vm with libvirt, when GuestOS running, enter poweroff command using the xhci keyboard, then ASAN shows memory leak stack: Direct leak of 80 byte(s) in 5 object(s) allocated from: #0 0xfffd1e6431cb in __interceptor_malloc (/lib64/libasan.so.4+0xd31cb) #1 0xfffd1e107163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163) #2 0xaaad39051367 in qemu_sglist_init /qemu/dma-helpers.c:43 #3 0xaaad3947c407 in pci_dma_sglist_init /qemu/include/hw/pci/pci.h:842 #4 0xaaad3947c407 in xhci_xfer_create_sgl /qemu/hw/usb/hcd-xhci.c:1446 #5 0xaaad3947c407 in xhci_setup_packet /qemu/hw/usb/hcd-xhci.c:1618 #6 0xaaad3948625f in xhci_submit /qemu/hw/usb/hcd-xhci.c:1827 #7 0xaaad3948625f in xhci_fire_transfer /qemu/hw/usb/hcd-xhci.c:1839 #8 0xaaad3948625f in xhci_kick_epctx /qemu/hw/usb/hcd-xhci.c:1991 #9 0xaaad3948f537 in xhci_doorbell_write /qemu/hw/usb/hcd-xhci.c:3158 #10 0xaaad38bcbfc7 in memory_region_write_accessor /qemu/memory.c:483 #11 0xaaad38bc654f in access_with_adjusted_size /qemu/memory.c:544 #12 0xaaad38bd1877 in memory_region_dispatch_write /qemu/memory.c:1482 #13 0xaaad38b1c77f in flatview_write_continue /qemu/exec.c:3167 #14 0xaaad38b1ca83 in flatview_write /qemu/exec.c:3207 #15 0xaaad38b268db in address_space_write /qemu/exec.c:3297 #16 0xaaad38bf909b in kvm_cpu_exec /qemu/accel/kvm/kvm-all.c:2383 #17 0xaaad38bb063f in qemu_kvm_cpu_thread_fn /qemu/cpus.c:1246 #18 0xaaad39821c93 in qemu_thread_start /qemu/util/qemu-thread-posix.c:519 #19 0xfffd1c8378bb (/lib64/libpthread.so.0+0x78bb) #20 0xfffd1c77616b (/lib64/libc.so.6+0xd616b) Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Message-id: 20200110105855.81144-1-kuhn.chenqun@huawei.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-13usbredir: Prevent recursion in usbredir_writeDr. David Alan Gilbert
I've got a case where usbredir_write manages to call back into itself via spice; this patch causes the recursion to fail (0 bytes) the write; this seems to avoid the deadlock I was previously seeing. I can't say I fully understand the interaction of usbredir and spice; but there are a few similar guards in spice and usbredir to catch other cases especially onces also related to spice_server_char_device_wakeup This case seems to be triggered by repeated migration+repeated reconnection of the viewer; but my debugging suggests the migration finished before this hits. The backtrace of the hang looks like: reds_handle_ticket reds_handle_other_links reds_channel_do_link red_channel_connect spicevmc_connect usbredir_create_parser usbredirparser_do_write usbredir_write qemu_chr_fe_write qemu_chr_write qemu_chr_write_buffer spice_chr_write spice_server_char_device_wakeup red_char_device_wakeup red_char_device_write_to_device vmc_write usbredirparser_do_write usbredir_write qemu_chr_fe_write qemu_chr_write qemu_chr_write_buffer qemu_mutex_lock_impl and we fail as we lang through qemu_chr_write_buffer's lock twice. Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1752320 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20191218113012.13331-1-dgilbert@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-13usb-redir: remove 'remote wakeup' flag from configuration descriptorYuri Benditovich
If the redirected device has this capability, Windows guest may place the device into D2 and expect it to wake when the device becomes active, but this will never happen. For example, when internal Bluetooth adapter is redirected, keyboards and mice connected to it do not work. Current commit removes this capability (starting from machine 5.0) Set 'usb-redir.suppress-remote-wake' property to 'off' to keep 'remote wake' as is or to 'on' to remove 'remote wake' on 4.2 or earlier. Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com> Message-id: 20200108091044.18055-3-yuri.benditovich@daynix.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-13usb-host: remove 'remote wakeup' flag from configuration descriptorYuri Benditovich
If the redirected device has this capability, Windows guest may place the device into D2 and expect it to wake when the device becomes active, but this will never happen. For example, when internal Bluetooth adapter is redirected, keyboards and mice connected to it do not work. Current commit removes this capability (starting from machine 5.0) Set 'usb-host.suppress-remote-wake' property to 'off' to keep 'remote wake' as is or to 'on' to remove 'remote wake' on 4.2 or earlier. Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com> Message-id: 20200108091044.18055-2-yuri.benditovich@daynix.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-08chardev: Use QEMUChrEvent enum in IOEventHandler typedefPhilippe Mathieu-Daudé
The Chardev events are listed in the QEMUChrEvent enum. By using the enum in the IOEventHandler typedef we: - make the IOEventHandler type more explicit (this handler process out-of-band information, while the IOReadHandler is in-band), - help static code analyzers. This patch was produced with the following spatch script: @match@ expression backend, opaque, context, set_open; identifier fd_can_read, fd_read, fd_event, be_change; @@ qemu_chr_fe_set_handlers(backend, fd_can_read, fd_read, fd_event, be_change, opaque, context, set_open); @depends on match@ identifier opaque, event; identifier match.fd_event; @@ static -void fd_event(void *opaque, int event) +void fd_event(void *opaque, QEMUChrEvent event) { ... } Then the typedef was modified manually in include/chardev/char-fe.h. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Corey Minyard <cminyard@mvista.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20191218172009.8868-15-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-07ccid-card-passthru: Explicit we ignore QEMUChrEvent in IOEventHandlerPhilippe Mathieu-Daudé
The Chardev events are listed in the QEMUChrEvent enum. To be able to use this enum in the IOEventHandler typedef, we need to explicit all the events ignored by this frontend, to silent the following GCC warning: hw/usb/ccid-card-passthru.c: In function ‘ccid_card_vscard_event’: hw/usb/ccid-card-passthru.c:314:5: error: enumeration value ‘CHR_EVENT_MUX_IN’ not handled in switch [-Werror=switch] 314 | switch (event) { | ^~~~~~ hw/usb/ccid-card-passthru.c:314:5: error: enumeration value ‘CHR_EVENT_MUX_OUT’ not handled in switch [-Werror=switch] hw/usb/ccid-card-passthru.c:314:5: error: enumeration value ‘CHR_EVENT_CLOSED’ not handled in switch [-Werror=switch] cc1: all warnings being treated as errors Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20191218172009.8868-7-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-07hw/usb/redirect: Explicit we ignore few QEMUChrEvent in IOEventHandlerPhilippe Mathieu-Daudé
The Chardev events are listed in the QEMUChrEvent enum. To be able to use this enum in the IOEventHandler typedef, we need to explicit all the events ignored by this frontend, to silent the following GCC warning: CC hw/usb/redirect.o hw/usb/redirect.c: In function ‘usbredir_chardev_event’: hw/usb/redirect.c:1361:5: error: enumeration value ‘CHR_EVENT_BREAK’ not handled in switch [-Werror=switch] 1361 | switch (event) { | ^~~~~~ hw/usb/redirect.c:1361:5: error: enumeration value ‘CHR_EVENT_MUX_IN’ not handled in switch [-Werror=switch] hw/usb/redirect.c:1361:5: error: enumeration value ‘CHR_EVENT_MUX_OUT’ not handled in switch [-Werror=switch] cc1: all warnings being treated as errors Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20191218172009.8868-6-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-07hw/usb/dev-serial: Explicit we ignore few QEMUChrEvent in IOEventHandlerPhilippe Mathieu-Daudé
The Chardev events are listed in the QEMUChrEvent enum. To be able to use this enum in the IOEventHandler typedef, we need to explicit all the events ignored by this frontend, to silent the following GCC warning: hw/usb/dev-serial.c: In function ‘usb_serial_event’: hw/usb/dev-serial.c:468:5: error: enumeration value ‘CHR_EVENT_MUX_IN’ not handled in switch [-Werror=switch] 468 | switch (event) { | ^~~~~~ hw/usb/dev-serial.c:468:5: error: enumeration value ‘CHR_EVENT_MUX_OUT’ not handled in switch [-Werror=switch] cc1: all warnings being treated as errors Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20191218172009.8868-5-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-07hw/usb/redirect: Do not link 'usb-redir' device when USB not enabledPhilippe Mathieu-Daudé
The 'usb-redir' device requires the USB core code to work. Do not link it when there is no USB support. This fixes: $ qemu-system-tricore -M tricore_testboard -device usb-redir qemu-system-tricore: -device usb-redir: No 'usb-bus' bus found for device 'usb-redir' Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20191231183216.6781-2-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-12-18hw/usb: rename Error ** parameter to more common errpVladimir Sementsov-Ogievskiy
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20191205174635.18758-18-vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2019-12-16hw/usb: Remove the USB bluetooth dongle deviceThomas Huth
We are going to remove the bluetooth backend, so the USB bluetooth dongle can not work anymore. It's a completely optional device, no board depends on it, so let's simply remove it now. Message-Id: <20191120091014.16883-3-thuth@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2019-11-06usb-host: add option to allow all resets.Gerd Hoffmann
Commit 65f14ab98da1 ("usb-host: skip reset for untouched devices") filters out multiple usb device resets in a row. While this improves the situation for usb some devices it doesn't work for others :-( So go add a config option to make the behavior configurable. Buglink: https://bugs.launchpad.net/bugs/1846451 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20191015064426.19454-1-kraxel@redhat.com
2019-10-18usbaudio: change playback counters to 64 bitKővágó, Zoltán
With stereo playback, they need about 375 minutes of continuous audio playback to overflow, which is usually not a problem (as stopping and later resuming playback resets the counters). But with 7.1 audio, they only need about 95 minutes to overflow. After the overflow, the buf->prod % USBAUDIO_PACKET_SIZE(channels) assertion no longer holds true, which will result in overflowing the buffer. With 64 bit variables, it would take about 762000 years to overflow. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: ff866985ed369f1e18ea7c70da6a7fce8e241deb.1570996490.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-10-18usb-audio: support more than two channels of audioKővágó, Zoltán
This commit adds support for 5.1 and 7.1 audio playback. This commit adds a new property to usb-audio: * multi=on|off Whether to enable the 5.1 and 7.1 audio support. When off (default) it continues to emulate the old stereo-only device. When on, it emulates a slightly different audio device that supports 5.1 and 7.1 audio. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 98e96606228afa907fa238eac26573d5af63434a.1570996490.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-10-18usb-audio: do not count on avail bytes actually availableKővágó, Zoltán
This assumption is no longer true when mixeng is turned off. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: d63f4d39a0ee7a2e4e7e4a2eb005ba79120eaf1d.1570996490.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-29usb-mtp: add sanity checks on rootdirBandan Das
Currently, we don't check if rootdir exists and is accessible. Furthermore, a trailing slash results in a null "desc" string which ends up in the share not visible in the guest. Add some simple sanity checks for appropriate permissions. Also, bail out if the user does not supply an absolute path. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: jpga7bto3on.fsf@linux.bootlegged.copy Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-29xhci: Fix memory leak in xhci_kick_epctxfangying
Address Sanitizer shows memory leak in xhci_kick_epctx hw/usb/hcd-xhci.c:1912. A sglist is leaked when a packet is retired and returns USB_RET_NAK status. The leak stack is as bellow: Direct leak of 2688 byte(s) in 168 object(s) allocated from: #0 0xffffae8b11db in __interceptor_malloc (/lib64/libasan.so.4+0xd31db) #1 0xffffae5c9163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163) #2 0xaaaabb6fb3f7 in qemu_sglist_init dma-helpers.c:43 #3 0xaaaabba705a7 in pci_dma_sglist_init include/hw/pci/pci.h:837 #4 0xaaaabba705a7 in xhci_xfer_create_sgl hw/usb/hcd-xhci.c:1443 #5 0xaaaabba705a7 in xhci_setup_packet hw/usb/hcd-xhci.c:1615 #6 0xaaaabba77a6f in xhci_kick_epctx hw/usb/hcd-xhci.c:1912 #7 0xaaaabbdaad27 in timerlist_run_timers util/qemu-timer.c:592 #8 0xaaaabbdab19f in qemu_clock_run_timers util/qemu-timer.c:606 #9 0xaaaabbdab19f in qemu_clock_run_all_timers util/qemu-timer.c:692 #10 0xaaaabbdab9a3 in main_loop_wait util/main-loop.c:524 #11 0xaaaabb6ff5e7 in main_loop vl.c:1806 #12 0xaaaabb1e1453 in main vl.c:4488 Signed-off-by: Ying Fang <fangying1@huawei.com> Message-id: 20190828062535.1573-1-fangying1@huawei.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-29xhci: Fix memory leak in xhci_address_slotYing Fang
Address Sanitizer shows memory leak in xhci_address_slot hw/usb/hcd-xhci.c:2156 and the stack is as bellow: Direct leak of 64 byte(s) in 4 object(s) allocated from: #0 0xffff91c6f5ab in realloc (/lib64/libasan.so.4+0xd35ab) #1 0xffff91987243 in g_realloc (/lib64/libglib-2.0.so.0+0x57243) #2 0xaaaab0b26a1f in qemu_iovec_add util/iov.c:296 #3 0xaaaab07e5ce3 in xhci_address_slot hw/usb/hcd-xhci.c:2156 #4 0xaaaab07e5ce3 in xhci_process_commands hw/usb/hcd-xhci.c:2493 #5 0xaaaab00058d7 in memory_region_write_accessor qemu/memory.c:507 #6 0xaaaab0000d87 in access_with_adjusted_size memory.c:573 #7 0xaaaab000abcf in memory_region_dispatch_write memory.c:1516 #8 0xaaaaaff59947 in flatview_write_continue exec.c:3367 #9 0xaaaaaff59c33 in flatview_write exec.c:3406 #10 0xaaaaaff63b3b in address_space_write exec.c:3496 #11 0xaaaab002f263 in kvm_cpu_exec accel/kvm/kvm-all.c:2288 #12 0xaaaaaffee427 in qemu_kvm_cpu_thread_fn cpus.c:1290 #13 0xaaaab0b1a943 in qemu_thread_start util/qemu-thread-posix.c:502 #14 0xffff908ce8bb in start_thread (/lib64/libpthread.so.0+0x78bb) #15 0xffff908165cb in thread_start (/lib64/libc.so.6+0xd55cb) Cc: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Ying Fang <fangying1@huawei.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Message-id: 20190827080209.2365-1-fangying1@huawei.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-22Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190822-pull-request' ↵Peter Maydell
into staging usb: bugfixes and minor improvements. # gpg: Signature made Thu 22 Aug 2019 07:52:32 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20190822-pull-request: ehci: fix queue->dev null ptr dereference usb: reword -usb command-line option and mention xHCI xhci: Add No Op Command usb-redir: merge interrupt packets usbredir: fix buffer-overflow on vmload Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-22ehci: fix queue->dev null ptr dereferenceGerd Hoffmann
In case we don't have a device for an active queue, just skip processing the queue (same we do for inactive queues) and log a guest bug. Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Guenter Roeck <linux@roeck-us.net> Message-id: 20190821085319.13711-1-kraxel@redhat.com
2019-08-21xhci: Add No Op CommandHikaru Nishida
This commit adds No Op Command (23) to xHC for verifying the operation of the Command Ring mechanisms. No Op Command is defined in XHCI spec (4.6.2) and just reports Command Completion Event with Completion Code == Success. Before this commit, No Op Command is not implemented so xHC reports Command Completion Event with Completion Code == TRB Error. This commit fixes this behaviour to report Completion Code correctly. Signed-off-by: Hikaru Nishida <hikarupsp@gmail.com> Message-id: 20190720060427.50457-1-hikarupsp@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-21usb-redir: merge interrupt packetsMartin Cerveny
Interrupt packets (limited by wMaxPacketSize) should be buffered and merged by algorithm described in USB spec. (see usb_20.pdf/5.7.3 Interrupt Transfer Packet Size Constraints). Signed-off-by: Martin Cerveny <M.Cerveny@computer.org> Message-id: 20190724125859.14624-2-M.Cerveny@computer.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-21usbredir: fix buffer-overflow on vmloadMarc-André Lureau
If interface_count is NO_INTERFACE_INFO, let's not access the arrays out-of-bounds. ==994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000243930 at pc 0x5642068086a8 bp 0x7f0b6f9ffa50 sp 0x7f0b6f9ffa40 READ of size 1 at 0x625000243930 thread T0 #0 0x5642068086a7 in usbredir_check_bulk_receiving /home/elmarco/src/qemu/hw/usb/redirect.c:1503 #1 0x56420681301c in usbredir_post_load /home/elmarco/src/qemu/hw/usb/redirect.c:2154 #2 0x5642068a56c2 in vmstate_load_state /home/elmarco/src/qemu/migration/vmstate.c:168 #3 0x56420688e2ac in vmstate_load /home/elmarco/src/qemu/migration/savevm.c:829 #4 0x5642068980cb in qemu_loadvm_section_start_full /home/elmarco/src/qemu/migration/savevm.c:2211 #5 0x564206899645 in qemu_loadvm_state_main /home/elmarco/src/qemu/migration/savevm.c:2395 #6 0x5642068998cf in qemu_loadvm_state /home/elmarco/src/qemu/migration/savevm.c:2467 #7 0x56420685f3e9 in process_incoming_migration_co /home/elmarco/src/qemu/migration/migration.c:449 #8 0x564207106c47 in coroutine_trampoline /home/elmarco/src/qemu/util/coroutine-ucontext.c:115 #9 0x7f0c0604e37f (/lib64/libc.so.6+0x4d37f) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Liam Merwick <liam.merwick@oracle.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190807084048.4258-1-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-21audio: add audiodev properties to frontendsKővágó, Zoltán
Finally add audiodev= options to audio frontends so users can specify which backend to use when multiple backends exist. Not specifying an audiodev= option currently causes the first audiodev to be used, this is fixed in the next commit. Example usage: -audiodev pa,id=foo -device AC97,audiodev=foo Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: d64db52dda2d0e9d97bc5ab1dd9adf724280fea1.1566168923.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-16sysemu: Split sysemu/runstate.h off sysemu/sysemu.hMarkus Armbruster
sysemu/sysemu.h is a rather unfocused dumping ground for stuff related to the system-emulator. Evidence: * It's included widely: in my "build everything" tree, changing sysemu/sysemu.h still triggers a recompile of some 1100 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h, down from 5400 due to the previous two commits). * It pulls in more than a dozen additional headers. Split stuff related to run state management into its own header sysemu/runstate.h. Touching sysemu/sysemu.h now recompiles some 850 objects. qemu/uuid.h also drops from 1100 to 850, and qapi/qapi-types-run-state.h from 4400 to 4200. Touching new sysemu/runstate.h recompiles some 500 objects. Since I'm touching MAINTAINERS to add sysemu/runstate.h anyway, also add qemu/main-loop.h. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190812052359.30071-30-armbru@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> [Unbreak OS-X build]