From patchwork Wed Nov 14 16:21:41 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hans de Goede <hdegoede@redhat.com>
X-Patchwork-Id: 198961
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 6B4282C008D
	for <incoming@patchwork.ozlabs.org>;
	Thu, 15 Nov 2012 03:44:01 +1100 (EST)
Received: from localhost ([::1]:47114 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1TYfhf-0000Xj-Hs
	for incoming@patchwork.ozlabs.org; Wed, 14 Nov 2012 11:20:39 -0500
Received: from eggs.gnu.org ([208.118.235.92]:58827)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hdegoede@redhat.com>) id 1TYfh1-0007JF-JB
	for qemu-devel@nongnu.org; Wed, 14 Nov 2012 11:20:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <hdegoede@redhat.com>) id 1TYfgy-0006yh-Gw
	for qemu-devel@nongnu.org; Wed, 14 Nov 2012 11:19:59 -0500
Received: from mx1.redhat.com ([209.132.183.28]:22835)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hdegoede@redhat.com>) id 1TYfgy-0006yA-8L
	for qemu-devel@nongnu.org; Wed, 14 Nov 2012 11:19:56 -0500
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id qAEGJtDV024854
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Wed, 14 Nov 2012 11:19:55 -0500
Received: from shalem.localdomain.com (vpn1-4-130.ams2.redhat.com
	[10.36.4.130])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id qAEGJkIV016281; Wed, 14 Nov 2012 11:19:54 -0500
From: Hans de Goede <hdegoede@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 14 Nov 2012 17:21:41 +0100
Message-Id: <1352910105-10272-7-git-send-email-hdegoede@redhat.com>
In-Reply-To: <1352910105-10272-1-git-send-email-hdegoede@redhat.com>
References: <1352910105-10272-1-git-send-email-hdegoede@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 209.132.183.28
Cc: Hans de Goede <hdegoede@redhat.com>, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 06/10] ehci: Verify guest does not change the
	token of inflight qtd-s
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

This is not allowed, except for clearing active on cancellation, so don't
warn when the new token does not have its active bit set.

This unifies the cancellation path for modified qtd-s, and prepares
ehci_verify_qtd to be used ad an extra check inside
ehci_writeback_async_complete_packet().

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
 hw/usb/hcd-ehci.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index a694346..e565d6a 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -457,6 +457,7 @@ static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
     if (p->qtdaddr != p->queue->qtdaddr ||
         (!NLPTR_TBIT(p->qtd.next) && (p->qtd.next != qtd->next)) ||
         (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
+        p->qtd.token != qtd->token ||
         p->qtd.bufptr[0] != qtd->bufptr[0]) {
         return false;
     } else {
@@ -1748,7 +1749,9 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
     if (p != NULL) {
         if (!ehci_verify_qtd(p, &qtd)) {
             ehci_cancel_queue(q);
-            ehci_trace_guest_bug(q->ehci, "guest updated active QH or qTD");
+            if (qtd.token & QTD_TOKEN_ACTIVE) {
+                ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
+            }
             p = NULL;
         } else {
             p->qtd = qtd;
@@ -1757,11 +1760,6 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
     }
 
     if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
-        if (p != NULL) {
-            /* transfer canceled by guest (clear active) */
-            ehci_cancel_queue(q);
-            p = NULL;
-        }
         ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
     } else if (p != NULL) {
         switch (p->async) {