summaryrefslogtreecommitdiff
path: root/hw/usb
AgeCommit message (Collapse)AuthorFilesLines
2016-06-16os-posix: include sys/mman.hPaolo Bonzini1-1/+0
qemu/osdep.h checks whether MAP_ANONYMOUS is defined, but this check is bogus without a previous inclusion of sys/mman.h. Include it in sysemu/os-posix.h and remove it from everywhere else. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-14Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20160614-tag' ↵Peter Maydell1-4/+1
into staging Xen 2016/06/14 # gpg: Signature made Tue 14 Jun 2016 16:01:52 BST # gpg: using RSA key 0x894F8F4870E1AE90 # gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" # Primary key fingerprint: D04E 33AB A51F 67BA 07D3 0AEA 894F 8F48 70E1 AE90 * remotes/sstabellini/tags/xen-20160614-tag: xen: Clean up includes xen/blkif: avoid double access to any shared ring request fields Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-14xen: Clean up includesPeter Maydell1-4/+1
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2016-06-13hw/usb/dev-network.c: Use ldl_le_p() and stl_le_p()Peter Maydell1-33/+30
Use stl_le_p() and ldl_le_p() to read and write data from buffers, rather than using pointer casts and cpu_to_le32() for writes and le32_to_cpup() for reads. This: * avoids lots of casts * works even if the buffer isn't as aligned as the host would like * avoids using the *_to_cpup() functions which we want to get rid of Note that there may still be some places where a pointer from the guest is cast to a pointer to a host structure; these would also have to be changed for the device to work on a host CPU which enforces alignment restrictions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1465573077-29221-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-06-13usb-host: add special case for bus+addrGerd Hoffmann1-4/+52
This patch changes usb-host behavior in case we hostbus= and hostaddr= properties are used to identify the usb device in question. Instead of adding the device to the hotplug watchlist we try to open directly using the given bus number and device address. Putting a device specified by hostaddr to the hotplug watchlist isn't a great idea as the address isn't a fixed property. It changes every time the device is plugged in. So considering this case as "use the device at bus:addr _now_" is more sane. Also usb-host will throw errors in case it can't initialize the host device. Note: For devices on the hotplug watchlist (hostport or vendorid or productid specified) qemu continues to ignore errors and keeps monitoring the usb bus to see if the device eventually shows up. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1464945175-28939-1-git-send-email-kraxel@redhat.com
2016-06-07usb: Use DIV_ROUND_UPLaurent Vivier1-3/+3
Replace (((n) + (d) - 1) /(d)) by DIV_ROUND_UP(n,d). This patch is the result of coccinelle script scripts/coccinelle/round.cocci CC: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-06-07remove useless muldiv64()Laurent Vivier1-1/+1
muldiv64(a, 1, b) is like "a / b". This patch is the result of coccinelle script scripts/coccinelle/remove_muldiv64.cocci. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-06-07The only 64bit parameter of muldiv64() is the first one.Laurent Vivier1-1/+1
muldiv64() is "uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)" Some time it is used as muldiv64(uint32_t a, uint64_t b, uint32_t c)" This patch is the result of coccinelle script scripts/coccinelle/swap_muldiv64.cocci to reorder arguments. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-05-23usb/ohci: Fix crash with when specifying too many num-portsThomas Huth1-0/+6
QEMU currently crashes when an OHCI controller is instantiated with too many ports, e.g. "-device pci-ohci,num-ports=100,masterbus=1". Thus add a proper check in usb_ohci_init() to make sure that we do not use more than OHCI_MAX_PORTS = 15 ports here. Ticket: https://bugs.launchpad.net/qemu/+bug/1581308 Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1463995387-11710-1-git-send-email-thuth@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-23xen: add pvUSB backendJuergen Gross2-0/+1084
Add a backend for para-virtualized USB devices for xen domains. The backend is using host-libusb to forward USB requests from a domain via libusb to the real device(s) passed through. Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Message-id: 1463062421-613-4-git-send-email-jgross@suse.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11usb: Support compilation without poll.hStefan Weil1-1/+12
This is a hack to support compilation with Mingw-w64 which provides a libusb-1.0 package, but no poll.h. Signed-off-by: Stefan Weil <sw@weilnetz.de> Message-id: 1458630800-10088-1-git-send-email-sw@weilnetz.de Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't ↵Isaac Lozano1-2/+2
complain If an application uses libmtp on the guest system, it will complain with the warning message: LIBMTP WARNING: VendorExtensionID: ffffffff LIBMTP WARNING: VendorExtensionDesc: (null) LIBMTP WARNING: this typically means the device is PTP (i.e. a camera) but not a MTP device at all. Trying to continue anyway. This is because libmtp expects a MTP Vendor Extension ID of 0x00000006 and a MTP Version of 0x0064. These numbers are taken from Microsoft's MTP Vendor Extension Identification Message page and are what most physical devices show. Signed-off-by: Isaac Lozano <109lozanoi@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1460892593-5908-1-git-send-email-109lozanoi@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11usb:xhci: no DMA on HC resetRoman Kagan1-1/+4
This patch is a rough fix to a memory corruption we are observing when running VMs with xhci USB controller and OVMF firmware. Specifically, on the following call chain xhci_reset xhci_disable_slot xhci_disable_ep xhci_set_ep_state QEMU overwrites guest memory using stale guest addresses. This doesn't happen when the guest (firmware) driver sets up xhci for the first time as there are no slots configured yet. However when the firmware hands over the control to the OS some slots and endpoints are already set up with their context in the guest RAM. Now the OS' driver resets the controller again and xhci_set_ep_state then reads and writes that memory which is now owned by the OS. As a quick fix, skip calling xhci_set_ep_state in xhci_disable_ep if the device context base address array pointer is zero (indicating we're in the HC reset and no DMA is possible). Cc: qemu-stable@nongnu.org Signed-off-by: Roman Kagan <rkagan@virtuozzo.com> Message-id: 1462384435-1034-1-git-send-email-rkagan@virtuozzo.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-04-25usb/uhci: move pid checkGerd Hoffmann1-13/+13
commit "5f77e06 usb: add pid check at the first of uhci_handle_td()" moved the pid verification to the start of the uhci_handle_td function, to simplify the error handling (we don't have to free stuff which we didn't allocate in the first place ...). Problem is now the check fires too often, it raises error IRQs even for TDs which we are not going to process because they are not set active. So, lets move down the check a bit, so it is done only for active TDs, but still before we are going to allocate stuff to process the requested transfer. Reported-by: Joe Clifford <joe@thunderbug.co.uk> Tested-by: Joe Clifford <joe@thunderbug.co.uk> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1461321893-15811-1-git-send-email-kraxel@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-22event-notifier: Add "is_external" parameterFam Zheng1-1/+1
All callers pass "false" keeping the old semantics. The windows implementation doesn't distinguish the flag yet. On posix, it is passed down to the underlying aio context. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-19Revert "ehci: make idt processing more robust"Gerd Hoffmann1-3/+2
This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254. Breaks FreeBSD. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-04-19ehci: apply limit to iTD/sidt descriptorsGerd Hoffmann1-1/+5
Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a DoS by the guest (create a circular iTD queue and let qemu ehci emulation run in circles forever). Unfortunately this has two problems: First it misses the case of siTDs, and second it reportedly breaks FreeBSD. So lets go for a different approach: just count the number of iTDs and siTDs we have seen per frame and apply a limit. That should really catch all cases now. Reported-by: 杜少博 <dushaobo@360.cn> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-24Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell15-14/+33
* Log filtering from Alex and Peter * Chardev fix from Marc-André * config.status tweak from David * Header file tweaks from Markus, myself and Veronia (Outreachy candidate) * get_ticks_per_sec() removal from Rutuja (Outreachy candidate) * Coverity fix from myself * PKE implementation from myself, based on rth's XSAVE support # gpg: Signature made Thu 24 Mar 2016 20:15:11 GMT using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" * remotes/bonzini/tags/for-upstream: (28 commits) target-i386: implement PKE for TCG config.status: Pass extra parameters char: translate from QIOChannel error to errno exec: fix error handling in file_ram_alloc cputlb: modernise the debug support qemu-log: support simple pid substitution for logs target-arm: dfilter support for in_asm qemu-log: dfilter-ise exec, out_asm, op and opt_op qemu-log: new option -dfilter to limit output qemu-log: Improve the "exec" TB execution logging qemu-log: Avoid function call for disabled qemu_log_mask logging qemu-log: correct help text for -d cpu tcg: pass down TranslationBlock to tcg_code_gen util: move declarations out of qemu-common.h Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND hw: explicitly include qemu-common.h and cpu.h include/crypto: Include qapi-types.h or qemu/bswap.h instead of qemu-common.h isa: Move DMA_transfer_handler from qemu-common.h to hw/isa/isa.h Move ParallelIOArg from qemu-common.h to sysemu/char.h Move QEMU_ALIGN_*() from qemu-common.h to qemu/osdep.h ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Conflicts: scripts/clean-includes
2016-03-22util: move declarations out of qemu-common.hVeronia Bahaa4-0/+4
Move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c. Move inline functions out of qemu-common.h and into new files (e.g. include/qemu/bcd.h) Signed-off-by: Veronia Bahaa <veroniabahaa@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22Replaced get_tick_per_sec() by NANOSECONDS_PER_SECONDRutuja Shah5-14/+15
This patch replaces get_ticks_per_sec() calls with the macro NANOSECONDS_PER_SECOND. Also, as there are no callers, get_ticks_per_sec() is then removed. This replacement improves the readability and understandability of code. For example, timer_mod(fdctrl->result_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (get_ticks_per_sec() / 50)); NANOSECONDS_PER_SECOND makes it obvious that qemu_clock_get_ns matches the unit of the expression on the right side of the plus. Signed-off-by: Rutuja Shah <rutu.shah.26@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22include/qemu/osdep.h: Don't include qapi/error.hMarkus Armbruster13-0/+14
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: Markus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-18usb: ehci: add capability mmio write functionPrasad J Pandit1-0/+6
USB Ehci emulation supports host controller capability registers. But its mmio '.write' function was missing, which lead to a null pointer dereference issue. Add a do nothing 'ehci_caps_write' definition to avoid it; Do nothing because capability registers are Read Only(RO). Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1454072434-16045-1-git-send-email-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18hw/usb/dev-mtp: Guard inotify usage with CONFIG_INOTIFY1Matthew Fortune1-10/+10
inotify_init1 usage was guarded by a check for linux but does not exist on older distributions like CentOS 5 resulting in build failures. Signed-off-by: Matthew Fortune <matthew.fortune@imgtec.com> Message-id: 6D39441BF12EF246A7ABCE6654B023536BB85D4A@hhmail02.hh.imgtec.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18usb: fix unbound stack warning for inotify_watchfnPeter Xu1-3/+2
Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1457503640-31473-1-git-send-email-peterx@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18usb: fix unbound stack usage for usb_mtp_add_strPeter Xu1-1/+3
Use heap instead of stack. Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18usb: fix unbounded stack warning for xhci_dma_write_u32sPeter Xu1-2/+4
All the callers for xhci_dma_write_u32s() are using mostly 5 * uint32_t in len. To avoid unbound stack warning for the function, make it statically allocated, and assert when it's not big enough in the future. Signed-off-by: Peter Xu <peterx@redhat.com> Message-id: 1457661106-9569-1-git-send-email-peterx@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18usb: Fix compilation for WindowsStefan Weil1-1/+3
Mingw-w64 does not provide sys/ioctl.h and Linux builds don't need it, so remove that include statement. ERROR is defined by wingdi.h (included via windows.h). Undefine it before it is redefined to avoid a compiler warning / error. Signed-off-by: Stefan Weil <sw@weilnetz.de> Message-id: 1458159439-32322-1-git-send-email-sw@weilnetz.de Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-29usb-redirect: Avoid double free of dataFam Zheng1-3/+8
If dropping packets, data is freed, the caller's loop should not continue. Reported by ccc-analyzer. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1456301288-1592-1-git-send-email-famz@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-23all: Clean up includesPeter Maydell1-1/+0
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-02-23ohci: allocate timer only once.Gerd Hoffmann1-26/+8
Allocate timer once, at init time, instead of allocating/freeing it all the time when starting/stopping the bus. Simplifies the code, also fixes bugs (memory leak) due to missing checks whenever the time is already allocated or not. Cc: Prasad J Pandit <pjp@fedoraproject.org> Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-23usb: add pid check at the first of uhci_handle_td()Gonglei1-6/+16
pid can be gotten from uhci device memory in uhci_handle_td(), so the guest can trigger assert qemu if we get an invalid pid. And the uhci spec 2.1.2 tells us The Host Controller sets Host Controller Process Error bit to 1 when it detects a fatal error and indicates that the Host Controller suffered a consistency check failure while processing a Transfer Descriptor. An example of a consistency check failure would be finding an illegal PID field while processing the packet header portion of the TD. When this error occurs, the Host Controller clears the Run/Stop bit in the Command register to prevent further schedule execution. We'd better to set UHCI_STS_HCPERR and kick an interrupt, check the pid value at the first of uhci_handle_td function. https://bugzilla.redhat.com/show_bug.cgi?id=1070027 Signed-off-by: Gonglei <arei.gonglei@huawei.com> Message-id: 1455867238-4720-1-git-send-email-arei.gonglei@huawei.com [ applied minor codestyle fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-23usb: check RNDIS buffer offsets & lengthPrasad J Pandit1-3/+6
When processing remote NDIS control message packets, the USB Net device emulator uses a fixed length(4096) data buffer. The incoming informationBufferOffset & Length combination could overflow and cross that range. Check control message buffer offsets and length to avoid it. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-23usb: check RNDIS message lengthPrasad J Pandit1-9/+9
When processing remote NDIS control message packets, the USB Net device emulator uses a fixed length(4096) data buffer. The incoming packet length could exceed this limit. Add a check to avoid it. Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1455648821-17340-2-git-send-email-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-23tusb6010: move from hw/timer to hw/usbPeter Maydell2-0/+819
The TUSB6010 is a USB controller (as the name suggests). Move it from hw/timer (where it was accidentally filed in 2013 when we moved everything out of hw/) to hw/usb. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1455883404-10976-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-23usb: check USB configuration descriptor objectPrasad J Pandit1-1/+2
When processing remote NDIS control message packets, the USB Net device emulator checks to see if the USB configuration descriptor object is of RNDIS type(2). But it does not check if it is null, which leads to a null dereference error. Add check to avoid it. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-11Passthru CCID card: QOMifyCao jin1-6/+8
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-02-11Emulated CCID card: QOMifyCao jin1-10/+13
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-02-08qom: Swap 'name' next to visitor in ObjectPropertyAccessorEric Blake1-4/+4
Similar to the previous patch, it's nice to have all functions in the tree that involve a visitor and a name for conversion to or from QAPI to consistently stick the 'name' parameter next to the Visitor parameter. Done by manually changing include/qom/object.h and qom/object.c, then running this Coccinelle script and touching up the fallout (Coccinelle insisted on adding some trailing whitespace). @ rule1 @ identifier fn; typedef Object, Visitor, Error; identifier obj, v, opaque, name, errp; @@ void fn - (Object *obj, Visitor *v, void *opaque, const char *name, + (Object *obj, Visitor *v, const char *name, void *opaque, Error **errp) { ... } @@ identifier rule1.fn; expression obj, v, opaque, name, errp; @@ fn(obj, v, - opaque, name, + name, opaque, errp) Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-20-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Swap visit_* arguments for consistent 'name' placementEric Blake1-2/+2
JSON uses "name":value, but many of our visitor interfaces were called with visit_type_FOO(v, &value, name, errp). This can be a bit confusing to have to mentally swap the parameter order to match JSON order. It's particularly bad for visit_start_struct(), where the 'name' parameter is smack in the middle of the otherwise-related group of 'obj, kind, size' parameters! It's time to do a global swap of the parameter ordering, so that the 'name' parameter is always immediately after the Visitor argument. Additional reason in favor of the swap: the existing include/qjson.h prefers listing 'name' first in json_prop_*(), and I have plans to unify that file with the qapi visitors; listing 'name' first in qapi will minimize churn to the (admittedly few) qjson.h clients. Later patches will then fix docs, object.h, visitor-impl.h, and those clients to match. Done by first patching scripts/qapi*.py by hand to make generated files do what I want, then by running the following Coccinelle script to affect the rest of the code base: $ spatch --sp-file script `git grep -l '\bvisit_' -- '**/*.[ch]'` I then had to apply some touchups (Coccinelle insisted on TAB indentation in visitor.h, and botched the signature of visit_type_enum() by rewriting 'const char *const strings[]' to the syntactically invalid 'const char*const[] strings'). The movement of parameters is sufficient to provoke compiler errors if any callers were missed. // Part 1: Swap declaration order @@ type TV, TErr, TObj, T1, T2; identifier OBJ, ARG1, ARG2; @@ void visit_start_struct -(TV v, TObj OBJ, T1 ARG1, const char *name, T2 ARG2, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp) { ... } @@ type bool, TV, T1; identifier ARG1; @@ bool visit_optional -(TV v, T1 ARG1, const char *name) +(TV v, const char *name, T1 ARG1) { ... } @@ type TV, TErr, TObj, T1; identifier OBJ, ARG1; @@ void visit_get_next_type -(TV v, TObj OBJ, T1 ARG1, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, TErr errp) { ... } @@ type TV, TErr, TObj, T1, T2; identifier OBJ, ARG1, ARG2; @@ void visit_type_enum -(TV v, TObj OBJ, T1 ARG1, T2 ARG2, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp) { ... } @@ type TV, TErr, TObj; identifier OBJ; identifier VISIT_TYPE =~ "^visit_type_"; @@ void VISIT_TYPE -(TV v, TObj OBJ, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, TErr errp) { ... } // Part 2: swap caller order @@ expression V, NAME, OBJ, ARG1, ARG2, ERR; identifier VISIT_TYPE =~ "^visit_type_"; @@ ( -visit_start_struct(V, OBJ, ARG1, NAME, ARG2, ERR) +visit_start_struct(V, NAME, OBJ, ARG1, ARG2, ERR) | -visit_optional(V, ARG1, NAME) +visit_optional(V, NAME, ARG1) | -visit_get_next_type(V, OBJ, ARG1, NAME, ERR) +visit_get_next_type(V, NAME, OBJ, ARG1, ERR) | -visit_type_enum(V, OBJ, ARG1, ARG2, NAME, ERR) +visit_type_enum(V, NAME, OBJ, ARG1, ARG2, ERR) | -VISIT_TYPE(V, OBJ, NAME, ERR) +VISIT_TYPE(V, NAME, OBJ, ERR) ) Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-19-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-02ehci: update irq on resetGerd Hoffmann1-0/+1
After clearing the status register we also have to update the irq line status. Otherwise a irq which happends to be pending at reset time causes a interrupt storm. And the guest can't stop as the status register doesn't indicate any pending interrupt. Both NetBSD and FreeBSD hang on shutdown because of that. Cc: qemu-stable@nongnu.org Reported-by: Andrey Korolyov <andrey@xdel.ru> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1453203884-4125-1-git-send-email-kraxel@redhat.com
2016-02-02usb: check page select value while processing iTDPrasad J Pandit1-4/+6
While processing isochronous transfer descriptors(iTD), the page select(PG) field value could lead to an OOB read access. Add check to avoid it. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-29usb: Clean up includesPeter Maydell31-3/+31
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-20-git-send-email-peter.maydell@linaro.org
2016-01-13error: Use error_prepend() where it makes obvious senseMarkus Armbruster1-3/+3
Done with this Coccinelle semantic patch @@ expression FMT, E1, E2; expression list ARGS; @@ - error_setg(E1, FMT, ARGS, error_get_pretty(E2)); + error_propagate(E1, E2);/*###*/ + error_prepend(E1, FMT/*@@@*/, ARGS); followed by manual cleanup, first because I can't figure out how to make Coccinelle transform strings, and second to get rid of now superfluous error_propagate(). We now use or propagate the original error whole instead of just its message obtained with error_get_pretty(). This avoids suppressing its hint (see commit 50b7b00), but I can't see how the errors touched in this commit could come with hints. It also improves the message printed with &error_abort when we screw up (see commit 1e9b65b). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-01-13error: Use error_reportf_err() where it makes obvious senseMarkus Armbruster1-3/+2
Done with this Coccinelle semantic patch @@ expression FMT, E, S; expression list ARGS; @@ - error_report(FMT, ARGS, error_get_pretty(E)); + error_reportf_err(E, FMT/*@@@*/, ARGS); ( - error_free(E); | exit(S); | abort(); ) followed by a replace of '%s"/*@@@*/' by '"' and some line rewrapping, because I can't figure out how to make Coccinelle transform strings. We now use the error whole instead of just its message obtained with error_get_pretty(). This avoids suppressing its hint (see commit 50b7b00), but I can't see how the errors touched in this commit could come with hints. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1450452927-8346-12-git-send-email-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-01-08ohci: clear pending SOF on suspendLaurent Vivier1-0/+3
On overcommitted CPU, kernel can be so slow that an interrupt can be triggered by the device whereas the driver is not ready to receive it. This drives us into an infinite loop. On suspend, if a SOF interrupt is raised between the stop of the device processing and the change of the device internal state to OHCI_USB_SUSPEND (QEMU stops SOF timer on this state change), this interrupt is never acknowledged. This patch clears pending SOF interrupt on OHCI_USB_SUSPEND setting. Some details: - ohci_irq(): the OHCI interrupt handler, acknowledges the SOF IRQ only if the state of the driver (rh_state) is OHCI_STATE_RUNNING. So if this interrupt happens and the driver is not in this state, the function is called again and again, moving the system to a CPU starvation. - ohci_rh_suspend(): the function stop the operation and acknowledge pending interrupts (but doesn't disable it). Later in the function, the device is moved to OHCI_SUSPEND_STATE, and the driver to OHCI_RH_SUSPENDED. If between the moment when the interrupt is acknowledged and the moment when the device is suspended a new interrupt is raised, it will be never acknowledged because the driver is now not in OHCI_RH_RUNNING state. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 1452109525-32150-3-git-send-email-lvivier@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-08ohci: delay first SOF interruptLaurent Vivier1-3/+13
On overcommitted CPU, kernel can be so slow that an interrupt can be triggered by the device whereas the driver is not ready to receive it. This drives us into an infinite loop. This does not happen on real hardware because real hardware never send interrupt immediately after the controller has been moved to OPERATION state. This patch tries to delay the first SOF interrupt to let driver exits from the critical section (which is not protected against interrupts...) Some details: - ohci_irq(): the OHCI interrupt handler, acknowledges the SOF IRQ only if the state of the driver (rh_state) is OHCI_STATE_RUNNING. So if this interrupt happens and the driver is not in this state, the function is called again and again, moving the system to a CPU starvation. - ohci_rh_resume(): the driver re-enables operation with OHCI_USB_OPER. In QEMU this start the SOF timer and QEMU starts to send IRQs. As the driver is not in OHCI_STATE_RUNNING and not protected against IRQ, the ohci_irq() can be called and the driver never moved to OHCI_STATE_RUNNING. Suggested-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 1452109525-32150-2-git-send-email-lvivier@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-08usb-mtp: fix call to trace functionBandan Das1-1/+1
trace_usb_mtp_inotify_event() was being called after the object was being freed. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1450861787-16213-3-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-08usb-mtp: use safe variant when cleaning events listBandan Das1-2/+2
usb_mtp_inotify_cleanup uses QLIST_FOREACH to pick events from a list and free them which is incorrect. Use QLIST_FOREACH_SAFE instead. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1450861787-16213-2-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-08ohci: fix command HostControllerResetHervé Poussineau1-1/+1
Specification says that: "This bit is set by HCD to initiate a software reset of HC." Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-id: 1450567431-31795-4-git-send-email-hpoussin@reactos.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-08ohci: fix Host Controller USBRESETHervé Poussineau1-1/+1
Specification says that, when entering this state, "the contents of the registers (except Root Hub registers) are preserved by the HC. [...] The Root Hub is being reset, which causes the Root Hub's downstream ports to be reset and possibly powered off." Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-id: 1450567431-31795-3-git-send-email-hpoussin@reactos.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>