From 5c09077aa0c3d56d66da3b935535565eb2b03a70 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Fri, 21 Sep 2012 18:57:30 -0300
Subject: [RHEL6 qemu-kvm PATCH 09/23] ehci: fix ehci_qh_do_overlay

RH-Author: Hans de Goede <hdegoede@redhat.com>
Message-id: <1348253864-3050-9-git-send-email-hdegoede@redhat.com>
Patchwork-id: 42185
O-Subject: [RHEL-6.4 qemu-kvm PATCH 08/22] ehci: fix ehci_qh_do_overlay
Bugzilla: 805172
RH-Acked-by: Uri Lublin <uril@redhat.com>
RH-Acked-by: Arnon Gilboa <agilboa@redhat.com>
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>

From: Gerd Hoffmann <kraxel@redhat.com>

Use ehci_flush_qh to make sure we touch inly the fields the hc is
allowed to touch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Upstream commit: a5e0139ab69feec9c9b8a4558369c283685e3f5a
Conflicts: hw/usb-ehci.c
---
 hw/usb-ehci.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 hw/usb-ehci.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index 0f23fdd..39b8869 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -1145,6 +1145,23 @@ static inline int put_dwords(uint32_t addr, uint32_t *buf, int num)
     return 1;
 }
 
+/*
+ *  Write the qh back to guest physical memory.  This step isn't
+ *  in the EHCI spec but we need to do it since we don't share
+ *  physical memory with our guest VM.
+ *
+ *  The first three dwords are read-only for the EHCI, so skip them
+ *  when writing back the qh.
+ */
+static void ehci_flush_qh(EHCIQueue *q)
+{
+    uint32_t *qh = (uint32_t *) &q->qh;
+    uint32_t dwords = sizeof(EHCIqh) >> 2;
+    uint32_t addr = NLPTR_GET(q->qhaddr);
+
+    put_dwords(addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
+}
+
 // 4.10.2
 
 static int ehci_qh_do_overlay(EHCIQueue *q)
@@ -1188,7 +1205,7 @@ static int ehci_qh_do_overlay(EHCIQueue *q)
     q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK;
     q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK;
 
-    put_dwords(NLPTR_GET(q->qhaddr), (uint32_t *) &q->qh, sizeof(EHCIqh) >> 2);
+    ehci_flush_qh(q);
 
     return 0;
 }
@@ -1809,23 +1826,6 @@ static int ehci_state_horizqh(EHCIQueue *q, int async)
     return again;
 }
 
-/*
- *  Write the qh back to guest physical memory.  This step isn't
- *  in the EHCI spec but we need to do it since we don't share
- *  physical memory with our guest VM.
- *
- *  The first three dwords are read-only for the EHCI, so skip them
- *  when writing back the qh.
- */
-static void ehci_flush_qh(EHCIQueue *q)
-{
-    uint32_t *qh = (uint32_t *) &q->qh;
-    uint32_t dwords = sizeof(EHCIqh) >> 2;
-    uint32_t addr = NLPTR_GET(q->qhaddr);
-
-    put_dwords(addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
-}
-
 static int ehci_state_execute(EHCIQueue *q, int async)
 {
     int again = 0;
-- 
1.7.11.4