aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2012-03-07usb: add shortcut for control transfersGerd Hoffmann
Add a more direct code path to submit control transfers. Instead of feeding three usb packets (setup, data, ack) to usb_handle_packet and have the do_token_* functions in usb.c poke the control transfer parameters out of it just submit a single packet carrying the actual data with the control xfer parameters filled into USBPacket->parameters. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb: add pipelining option to usb endpointsGerd Hoffmann
With this patch applied USB drivers can enable pipelining per endpoint. With pipelining enabled the usb core will continue submitting packets even when there are still async transfers in flight instead of passing them on one by one. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb: queue can have async packetsGerd Hoffmann
This can happen today in case the ->complete() callback queues up the next packet. Also we'll support pipelining soon, which allows to have multiple packets per queue in flight (aka ASYNC) state. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07uhci_fill_queue: zap debug printfGerd Hoffmann
2012-03-07usb: add USB_RET_IOERRORHans de Goede
We already have USB_RET_NAK, but that means that a device does not want to send/receive right now. But with host / network redirection we can actually have a transaction fail due to some io error, rather then ie the device just not having any data atm. This patch adds a new error code named USB_RET_IOERROR for this, and uses it were appropriate. Notes: -Currently all usb-controllers handle this the same as NODEV, but that may change in the future, OHCI could indicate a CRC error instead for example. -This patch does not touch hw/usb-musb.c, that is because the code in there handles STALL and NAK specially and has a if status < 0 generic catch all for all other errors Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Cleanup itd error handlingHans de Goede
All error statuses except for NAK are handled in a switch case, move the handling of NAK into the same switch case. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Fix and simplify nakcnt handlingHans de Goede
The nakcnt code in ehci_execute_complete() marked transactions as finished when a packet completed with a result of USB_RET_NAK, but USB_RET_NAK means that the device cannot receive / send data at that time and that the transaction should be retried later, which is also what the usb-uhci and usb-ohci code does. Note that there already was some special code in place to handle this for interrupt endpoints in the form of doing a return from ehci_execute_complete() when reload == 0, but that for bulk transactions this was not handled correctly (where as for example the usb-ccid device does return USB_RET_NAK for bulk packets). Besides that the code in ehci_execute_complete() decrement nakcnt by 1 on a packet result of USB_RET_NAK, but -since the transaction got marked as finished, nakcnt would never be decremented again -there is no code checking for nakcnt becoming 0 -there is no use in re-trying the transaction within the same usb frame / usb-ehci frame-timer call, since the status of emulated devices won't change as long as the usb-ehci frame-timer is running So we should simply set the nakcnt to 0 when we get a USB_RET_NAK, thus claiming that we've tried reload times (or as many times as possible if reload is 0). Besides the code in ehci_execute_complete() handling USB_RET_NAK there was also code handling it in ehci_state_executing(), which calls ehci_execute_complete(), and then does its own handling on top of the handling in ehci_execute_complete(), this code would decrement nakcnt *again* (if not already 0), or restore the reload value (which was never changed) on success. Since the double decrement was wrong to begin with, and is no longer needed now that we set nakcnt directly to 0 on USB_RET_NAK, and the restore of reload is not needed either, this patch simply removes all nakcnt handling from ehci_state_executing(). Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Remove dead nakcnt codeHans de Goede
This patch removes 2 bits of dead nakcnt code: 1) usb_ehci_execute calls ehci_qh_do_overlay which does: nakcnt = reload; and then has a block of code which is conditional on: if (reload && !nakcnt) { which ofcourse is never true now as nakcnt == reload. 2) ehci_state_fetchqh does: nakcnt = reload; but before nakcnt is ever used ehci_state_fetchqh is always followed by a ehci_qh_do_overlay call which also does: nakcnt = reload; So doing this from ehci_state_fetchqh is redundant. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Fix cerr trackingHans de Goede
cerr should only be decremented on errors which cause XactErr to be set, and when that happens the failing transaction should be retried until cerr reaches 0 and only then should USBSTS_ERRINT be set (and inactive cleared and USBSTS_INT set if requested). Since we don't have any hardware level errors (and in case of redirection the real hardware has already retried), re-trying makes no sense, so immediately set cerr to 0 on errors which set XactErr. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Any packet completion except for NAK should set the interruptHans de Goede
As clearly stated in the 2.3.2 of the EHCI spec, any time USBERRINT get sets then if the td has its IOC bit set USBINT should be set as well. This means that for any status except for USB_RET_NAK we should set USBINT if the IOC bit is set. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Rip the queues when the async or period schedule is haltedHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Drop cached qhs when the doorbell gets rungHans de Goede
The purpose of the IAAD bit / the doorbell is to make the ehci controller forget about cached qhs, this is mainly used when cancelling transactions, the qh is unlinked from the async schedule and then the doorbell gets rung, once the doorbell is acked by the controller the hcd knows that the qh is no longer in use and that it can do something else with the memory, such as re-use it for a new qh! But we keep our struct representing this qh around for circa 250 ms. This allows for a (mightily large) race window where the following could happen: -hcd submits a qh at address 0xdeadbeef -our ehci code sees the qh, sends a request to a usb-device, gets a result of USB_RET_ASYNC, sets the async_state of the qh to EHCI_ASYNC_INFLIGHT -hcd unlinks the qh at address 0xdeadbeef -hcd rings the doorbell, wait for us to ack it -hcd re-uses the qh at address 0xdeadbeef -our ehci code sees the qh, looks in the async_queue, sees there already is a qh at address 0xdeadbeef there with async_state of EHCI_ASYNC_INFLIGHT, does nothing -the *original* (which the hcd thinks it has cancelled) transaction finishes -our ehci code sees the qh on yet another pass through the async list, looks in the async_queue, sees there already is a qh at address 0xdeadbeef there with async_state of EHCI_ASYNC_COMPLETED, and finished the transaction with the results of the *original* transaction. Not good (tm), this patch fixes this race by removing all qhs which have not been seen during the last cycle through the async list immidiately when the doorbell is rung. Note this patch does not fix any actually observed problem, but upon reading of the EHCI spec it became apparent to me that the above race could happen and the usb-ehci behavior from before this patch is not good. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: always call ehci_queues_rip_unused for period queuesHans de Goede
Before this patch USB 2 devices with interrupt endpoints were not working properly. The problem is that to avoid loops we stop processing as soon as we encounter a queue-head (qh) we've already seen since qhs can be linked in a circular fashion, this is tracked by the seen flag in our qh struct. The resetting of the seen flag is done from ehci_queues_rip_unused which before this patch was only called when executing the statemachine for the async schedule. But packets for interrupt endpoints are part of the periodic schedule! So what would happen is that when there were no ctrl or bulk packets for a USB 2 device with an interrupt endpoint, the async schedule would become non active, then ehci_queues_rip_unused would no longer get called and when processing the qhs for the interrupt endpoints from the periodic schedule their seen bit would still be 1 and they would be skipped. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: split our qh queue into async and periodic queuesHans de Goede
qhs can be part of both the async and the periodic schedule, as is shown in later patches in this series it is useful to keep track of the qhs on a per schedule basis. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-07usb-ehci: Never follow table entries with the T-bit setHans de Goede
Before this patch the T-bit was not checked in 2 places, while it should be. Once we properly check the T-bit everywhere we no longer need the weird entry < 0x1000 and entry > 0x1000 checks, so this patch removes them. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-05s390: Rework kernel loading: supports elf and newer kernelsChristian Borntraeger
This reworks the image loading on s390. Newer kernels will not always have a 0dd0 (basr 13,0) at address 0x10000. We must not rely on specific code at certain addresses. This check was introduced to warn users that tried to load vmlinux, since ELF loading was not supported. Lets wire that up. If elf loading fails, we assume that this is a standard kernel image and load that via load_image_targphys. This patch also changes all other users of load_image to load_image_targphys to be consistent. (the elf loader registers the kernel as rom). Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-03-03Merge branch 'arm-devs.for-upstream' of ↵Blue Swirl
git://git.linaro.org/people/pmaydell/qemu-arm * 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: hw/arm11mpcore: Fix broken realview_mpcore/arm11mpcore_priv properties arm: add device tree support arm: make sure that number of irqs can be represented in GICD_TYPER. arm: clean up GIC constants
2012-03-02hw/arm11mpcore: Fix broken realview_mpcore/arm11mpcore_priv propertiesPeter Maydell
Fix confusion in the Property arrays for the "arm11mpcore_priv" (per-CPU devices for the ARM11MPcore CPU) and "realview_mpcore" (realview-eb board specific device encapsulating CPU and some extra interrupt controllers) -- the num-irq property was defined on the wrong device and the mpcore_rirq_properties were defined as offsets in the wrong structure. The effect was that the realview-eb-mpcore machine would abort on startup trying to allocate an insane amount of memory. (This bug was introduced in the QOM conversion in commit 999e12bb.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-02arm: add device tree supportGrant Likely
If compiled with CONFIG_FDT, allow user to specify a device tree file using the -dtb argument. If the machine supports it then the dtb will be loaded into memory and passed to the kernel on boot. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com> Signed-off-by: Grant Likely <grant.likely@secretlab.ca> [Peter Maydell: Use machine opt rather than global to pass dtb filename] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-02arm: make sure that number of irqs can be represented in GICD_TYPER.Rusty Russell
We currently assume that the number of interrupts (ITLinesNumber in the architecture reference manual) is divisible by 32, since we present it to the guest when it reads GICD_TYPER (in gic_dist_readb()) as (N / 32) - 1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-02arm: clean up GIC constantsRusty Russell
Interrupts numbers 0-31 are private to the processor interface, 32-1019 are general interrupts. Add GIC_INTERNAL and substitute everywhere. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> [Peter Maydell: converted some tabs to spaces] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-03-01Merge remote-tracking branch 'qemu-kvm/memory/core' into stagingAnthony Liguori
* qemu-kvm/memory/core: (30 commits) memory: allow phys_map tree paths to terminate early memory: unify PhysPageEntry::node and ::leaf memory: change phys_page_set() to set multiple pages memory: switch phys_page_set() to a recursive implementation memory: replace phys_page_find_alloc() with phys_page_set() memory: simplify multipage/subpage registration memory: give phys_page_find() its own tree search loop memory: make phys_page_find() return a MemoryRegionSection memory: move tlb flush to MemoryListener commit callback memory: unify the two branches of cpu_register_physical_memory_log() memory: fix RAM subpages in newly initialized pages memory: compress phys_map node pointers to 16 bits memory: store MemoryRegionSection pointers in phys_map memory: unify phys_map last level with intermediate levels memory: remove first level of l1_phys_map memory: change memory registration to rebuild the memory map on each change memory: support stateless memory listeners memory: split memory listener for the two address spaces xen: ignore I/O memory regions memory: allow MemoryListeners to observe a specific address space ...
2012-03-01Merge remote-tracking branch 'qemu-kvm/uq/master' into stagingAnthony Liguori
* qemu-kvm/uq/master: pc-bios: update kvmvapic.bin kvmvapic: Use optionrom helpers optionsrom: Reserve space for checksum kvmvapic: Simplify mp/up_set_tpr kvmvapic: Introduce TPR access optimization for Windows guests kvmvapic: Add option ROM target-i386: Add infrastructure for reporting TPR MMIO accesses Allow to use pause_all_vcpus from VCPU context Process pending work while waiting for initial kick-off in TCG mode Remove useless casts from cpu iterators kvm: Set cpu_single_env only once kvm: Synchronize cpu state in kvm_arch_stop_on_emulation_error()
2012-02-29Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori
* kwolf/for-anthony: (27 commits) qemu-img: fix segment fault when the image format is qed qemu-io: fix segment fault when the image format is qed qemu-tool: revert cpu_get_clock() abort(3) qemu-iotests: Test rebase with short backing file qemu-iotests: 026: Reduce output changes for cache=none qcow2 qemu-iotests: Filter out DOS line endings test: add image streaming tests qemu-iotests: add iotests Python module qemu-iotests: export TEST_DIR for non-bash tests QMP: Add qmp command for blockdev-group-snapshot-sync qapi: Introduce blockdev-group-snapshot-sync command qcow2: Reject too large header extensions qcow2: Fix offset in qcow2_read_extensions block: drop aio_multiwrite in BlockDriver block: remove unused fields in BlockDriverState qcow2: Fix build with DEBUG_EXT enabled ide: fail I/O to empty disk fdc: DIR (Digital Input Register) should return status of current drive... fdc: fix seek command, which shouldn't check tracks fdc: check if media rate is correct before doing any transfer ...
2012-02-29Merge remote-tracking branch 'spice/spice.v49' into stagingAnthony Liguori
* spice/spice.v49: qxl: properly handle upright and non-shared surfaces Error out when tls-channel option is used without TLS spice: use error_report to report errors qxl: add optinal 64bit vram bar qxl: make qxl_render_update async qxl: introduce QXLCookie qxl: remove flipped qxl: require spice >= 0.8.2 qxl: drop qxl_spice_update_area_async definition sdl: remove NULL check, g_malloc0 can't fail qxl: fix spice+sdl no cursor regression
2012-02-29Merge remote-tracking branch 'kraxel/usb.39' into stagingAnthony Liguori
* kraxel/usb.39: (21 commits) usb: Resolve warnings about unassigned bus on usb device creation usb-redir: Return USB_RET_NAK when we've no data for an interrupt endpoint usb-redir: Limit return values returned by iso packets usb-redir: Let the usb-host know about our device filtering usb-redir: Always clear device state on filter reject usb-redir: Fix printing of device version ehci: drop old stuff usb-ehci: Handle ISO packets failing with an error other then NAK libcacard: fix reported ATR length usb-ccid: advertise SELF_POWERED libcacard: link with glib for g_strndup usb-desc: fix user trigerrable segfaults (!config) usb-ehci: sanity-check iso xfers usb: add tracepoint for usb packet state changes. usb-xhci: enable packet queuing usb-uhci: implement packet queuing usb-uhci: process uhci_handle_td return code via switch. usb-uhci: add UHCIQueue usb-uhci: cleanup UHCIAsync allocation & initialization. usb-ehci: fix reset ...
2012-02-29ide: fail I/O to empty diskPaolo Bonzini
Requesting a read or a write operation on an empty disk can lead to QEMU dumping core. Also fix a few braces here and there. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: DIR (Digital Input Register) should return status of current drive...Hervé Poussineau
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: fix seek command, which shouldn't check tracksHervé Poussineau
The seek command just sends step pulses to the drive and doesn't care if there is a medium inserted of if it is banging the head against the drive. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: check if media rate is correct before doing any transferHervé Poussineau
The programmed rate has to be the same as the required rate for the floppy format ; if that's not the case, the transfer should abort. This check can be disabled by using the 'check_media_rate' property. Save media rate value only if media rate check is enabled. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: add a 'check media rate' property. Not used yetHervé Poussineau
Set it to true for current Qemu versions, and false for previous ones Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29block: add a transfer rate for floppy typesHervé Poussineau
Floppies must be read at a specific transfer rate, depending of its own format. Update floppy description table to include required transfer rate. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: add CCR (Configuration Control Register) write registerHervé Poussineau
DIR and CCR registers share the same address ; DIR is read-only while CCR is write-only CCR register is used to change media transfer rate, which will be checked in following changes. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: handle read-only floppies (abort early on write commands)Hervé Poussineau
A real floppy doesn't attempt to write to read-only media either. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: most control commands do not generate interruptsHervé Poussineau
In fact, only three control commands generate an interrupt: read_id, recalibrate and seek Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: set busy bit when starting a commandHervé Poussineau
This bit must be active while a command is currently executed. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29fdc: take side count into accountHervé Poussineau
Floppies can be simple or double-sided. However, current code was only taking the common case into account (ie 2 sides). This repairs single-sided floppies, which where totally broken before this patch : for track > 0, wrong sector number was calculated, and data was read/written at wrong place on underlying device. Fortunately, only some 360 kB floppies are single-sided, so this bug was probably not seen much. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29memory: support stateless memory listenersAvi Kivity
Current memory listeners are incremental; that is, they are expected to maintain their own state, and receive callbacks for changes to that state. This patch adds support for stateless listeners; these work by receiving a ->begin() callback (which tells them that new state is coming), a sequence of ->region_add() and ->region_nop() callbacks, and then a ->commit() callback which signifies the end of the new state. They should ignore ->region_del() callbacks. Signed-off-by: Avi Kivity <avi@redhat.com>
2012-02-29memory: allow MemoryListeners to observe a specific address spaceAvi Kivity
Ignore any regions not belonging to a specified address space. Signed-off-by: Avi Kivity <avi@redhat.com>
2012-02-29memory: move ioeventfd ops to MemoryListenerAvi Kivity
This way the accelerator (kvm) can handle them directly. Signed-off-by: Avi Kivity <avi@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2012-02-29memory: switch memory listeners to a QTAILQAvi Kivity
This allows reverse iteration, which in turns allows consistent ordering among multiple listeners: l1->add l2->add l2->del l1->del Signed-off-by: Avi Kivity <avi@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2012-02-28qxl: properly handle upright and non-shared surfacesGerd Hoffmann
Although qxl creates a shared displaysurface when the qxl surface is upright and doesn't need to be flipped there is no guarantee that the surface doesn't become unshared for some reason. Rename qxl_flip to qxl_blit and fix it to handle both flip and non-flip cases. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-28qxl: add optinal 64bit vram barGerd Hoffmann
This patch adds an 64bit pci bar for vram. It is turned off by default. It can be enabled by setting the size of the 64bit bar to be larger than the 32bit bar. Both 32bit and 64bit bar refer to the same memory. Only the first part of the memory is available via 32bit bar. The intention is to allow large vram sizes for 64bit guests, by allowing the vram bar being mapped above 4G, so we don't have to squeeze it into the pci I/O window below 4G. With vram_size_mb=16 and vram64_size_mb=256 it looks like this: 00:02.0 VGA compatible controller: Red Hat, Inc. Device 0100 (rev 02) (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc Device 1100 Physical Slot: 2 Flags: fast devsel, IRQ 10 Memory at f8000000 (32-bit, non-prefetchable) [size=64M] Memory at fc000000 (32-bit, non-prefetchable) [size=16M] Memory at fd020000 (32-bit, non-prefetchable) [size=8K] I/O ports at c5a0 [size=32] Memory at ffe0000000 (64-bit, prefetchable) [size=256M] Expansion ROM at fd000000 [disabled] [size=64K] [ mapping above 4G needs patched seabios: http://www.kraxel.org/cgit/seabios/commit/?h=pci64 ]
2012-02-27Merge remote-tracking branch 'aneesh/for-upstream' into stagingAnthony Liguori
* aneesh/for-upstream: hw/9pfs: Endian fixes for virtfs ./configure: add option for disabling VirtFS
2012-02-27usb: Resolve warnings about unassigned bus on usb device creationJan Kiszka
When creating an USB device the old way, there is no way to specify the target bus. Thus the warning issued by usb_create makes no sense and rather confuses our users. Resolve this by passing a bus reference to the usbdevice_init handler and letting those handlers forward it to usb_create. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27ehci: drop old stuffGerd Hoffmann
Drop the "ehci under development" banner. Drop unused & inactive (#if 0) code. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27usb-ehci: Handle ISO packets failing with an error other then NAKHans de Goede
Before this patch the ehci code was not checking for any other errors other then USB_RET_NAK. This causes 2 problems: 1) Other errors are not reported to the guest. 2) When transactions with the ITD_XACT_IOC bit set completing with another error would not result in USBSTS_INT getting set. I hit this problem when unplugging devices while iso data was streaming from the device to the guest. When this happens it takes a while for the guest to process the unplugging and remove ISO transactions from the ehci schedule, in the mean time these transactions would complete with a result of USB_RET_NODEV, which was not handled. This lead to the Linux guest's usb subsystem "hanging", that is it would no longer see new usb devices getting plugged in and running for example lsusb would lead to a stuck (D state) lsusb process. This patch fixes this. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27usb-ccid: advertise SELF_POWEREDAlon Levy
Before commit ed5a83ddd8c1d8ec7b1015315530cf29949e7c48 each device provided it's own response to USB_REQ_GET_STATUS, but after it that response was based on bmAttributes, which was errounously set for usb-ccid as 0xa0 and not 0xe0. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27usb-desc: fix user trigerrable segfaults (!config)Alon Levy
Check for dev->config being NULL in two places: USB_REQ_GET_CONFIGURATION and USB_REQ_GET_STATUS. The behavior of USB_REQ_GET_STATUS is unspecified in the Default state, that corresponds to dev->config being NULL (it defaults to NULL and is reset whenever a SET_CONFIGURATION with value 0, or attachment). I implemented it to correspond with the state before ed5a83ddd8c1d8ec7b1015315530cf29949e7c48, the commit moving SET_STATUS to usb-desc; if dev->config is not set we return whatever is in the first configuration. The behavior of USB_REQ_GET_CONFIGURATION is also undefined before any SET_CONFIGURATION, but here we just return 0 (same as specified for the Address state). A win7 guest failed to initialize the device before this patch, segfaulting when GET_STATUS was called with dev->config == NULL. With this patch the passthrough device still doesn't work but the failure is unrelated. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27usb-ehci: sanity-check iso xfersGerd Hoffmann
This patch adds a sanity check to itd processing to make sure the endpoint addressed by the guest is actually an iso endpoint. Also verify that usb drivers don't return USB_RET_ASYNC which is illegal for iso xfers. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>