From 243afe858b95765b98d16a1f0dd50dca262858ad Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 31 Mar 2017 12:25:21 +0200 Subject: xhci: flush dequeue pointer to endpoint context When done processing a endpoint ring we must update the dequeue pointer in the endpoint context in guest memory. This is needed to make sure the guest has a correct view of things and also to make live migration work properly, because xhci post_load restores alot of the state from xhci data structures in guest memory. Add xhci_set_ep_state() call to do that. The recursive calls stopped by commit ddb603ab6c981c1d67cb42266fc700c33e5b2d8f had the (unintentional) side effect to hiding this bug. xhci_set_ep_state() was called before processing, to set the state to running, which updated the dequeue pointer too. Reported-by: Dr. David Alan Gilbert Signed-off-by: Gerd Hoffmann Tested-by: Dr. David Alan Gilbert Message-id: 20170331102521.29253-1-kraxel@redhat.com --- hw/usb/hcd-xhci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'hw/usb/hcd-xhci.c') diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index f0af852709..a2d3143bf4 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -2063,7 +2063,7 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid) { XHCIState *xhci = epctx->xhci; - XHCIStreamContext *stctx; + XHCIStreamContext *stctx = NULL; XHCITransfer *xfer; XHCIRing *ring; USBEndpoint *ep = NULL; @@ -2186,6 +2186,8 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid) break; } } + /* update ring dequeue ptr */ + xhci_set_ep_state(xhci, epctx, stctx, epctx->state); epctx->kick_active--; ep = xhci_epid_to_usbep(epctx); -- cgit v1.2.3