From 2a6e2b6d83337c69173122cdd6eff6ccd18f3434 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Sun, 4 Mar 2012 11:57:58 +0100 Subject: [PATCH 35/35] usb-ehci: sanity-check iso xfers RH-Author: Hans de Goede Message-id: <1330862278-22314-22-git-send-email-hdegoede@redhat.com> Patchwork-id: 37936 O-Subject: [PATCH 21/21] usb-ehci: sanity-check iso xfers Bugzilla: 758104 RH-Acked-by: Hans de Goede RH-Acked-by: Gerd Hoffmann RH-Acked-by: Alon Levy RH-Acked-by: Markus Armbruster From: Gerd Hoffmann This patch adds a sanity check to itd processing to make sure the endpoint addressed by the guest is actually an iso endpoint. Also verify that usb drivers don't return USB_RET_ASYNC which is illegal for iso xfers. Signed-off-by: Gerd Hoffmann (Cherry picked from: aa0568ff2559d7717f4684af6a83d0bd1a125f56) [RHEL-6: we don't track ep types on RHEL-6 like we do upstream, so we cannot check if an itd is pointing to a non iso ep in advance, but we do still need to make sure that we never handle an iso xfer async. So check if the device does want to handle it async, and if so cancel the xfer and treat it as a NAK, like upstream does when the ep type check fails.] Signed-off-by: Hans de Goede --- hw/usb-ehci.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) Signed-off-by: Michal Novotny --- hw/usb-ehci.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c index 9df1d03..131bad2 100644 --- a/hw/usb-ehci.c +++ b/hw/usb-ehci.c @@ -1489,6 +1489,10 @@ static int ehci_process_itd(EHCIState *ehci, itd->transact[i] |= ITD_XACT_BABBLE; ehci_record_interrupt(ehci, USBSTS_ERRINT); break; + case USB_RET_ASYNC: + /* ISO endpoints are never ASYNC, not an iso endpoint? */ + usb_cancel_packet(&ehci->ipacket); + /* Treat this as a NAK (fall through) */ case USB_RET_NAK: /* no data for us, so do a zero-length transfer */ ret = 0; -- 1.7.7.6