From: Hans de Goede Date: Tue, 19 Nov 2013 13:36:59 +0000 (+0100) Subject: xhci: Add a few missing checks for disconnected devices X-Git-Tag: v2.0.0-rc0~203^2~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=de9de157fbb9aa66380ab1973dd6ecf12fbd8b25;p=thirdparty%2Fqemu.git xhci: Add a few missing checks for disconnected devices One of the reworks of qemu's usb core made changes to usb-port's disconnect handling. Now ports with a device will always have a non 0 dev member, but if the device is not attached (which is possible with usb redirection), dev->attached will be 0. So supplement all checks for dev to also check dev->attached, and add an extra check in a path where a device check was completely missing. This fixes various crashes (asserts triggering) I've been seeing when xhci attached usb devices get disconnected at the wrong time. Signed-off-by: Hans de Goede Signed-off-by: Gerd Hoffmann --- diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 835f65ed816..c3377eebeaf 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -1495,7 +1495,8 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid, } if (!xhci->slots[slotid-1].uport || - !xhci->slots[slotid-1].uport->dev) { + !xhci->slots[slotid-1].uport->dev || + !xhci->slots[slotid-1].uport->dev->attached) { return CC_USB_TRANSACTION_ERROR; } @@ -1982,6 +1983,14 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, return; } + /* If the device has been detached, but the guest has not noticed this + yet the 2 above checks will succeed, but we must NOT continue */ + if (!xhci->slots[slotid - 1].uport || + !xhci->slots[slotid - 1].uport->dev || + !xhci->slots[slotid - 1].uport->dev->attached) { + return; + } + if (epctx->retry) { XHCITransfer *xfer = epctx->retry; 
@@ -2206,7 +2215,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid, trace_usb_xhci_slot_address(slotid, uport->path); dev = uport->dev; - if (!dev) { + if (!dev || !dev->attached) { fprintf(stderr, "xhci: port %s not connected\n", uport->path); return CC_USB_TRANSACTION_ERROR; }
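Review bot: In xhci_reset_ep, the condition now spells out the same three-clause test (uport, uport->dev, uport->dev->attached) that the xhci_kick_ep hunk adds a second time. A small static helper taking xhci and slotid, called from both places, would keep the two checks from drifting apart the next time the disconnect handling changes. The two copies also differ in spacing: `slotid-1` here, `slotid - 1` in xhci_kick_ep.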
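Review bot: In xhci_kick_ep, the new early return sits ahead of the `if (epctx->retry)` block, so a transfer already parked in epctx->retry is left untouched when the device is detached. The comment should say what completes or releases that transfer later, or the return path should deal with it. The return is also silent, whereas xhci_address_slot reports the same condition, so a stalled endpoint gives no hint of the cause. The comment itself reads more clearly with a comma after "yet" and a closing full stop.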
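Review bot: In xhci_address_slot, the widened condition `if (!dev || !dev->attached)` still prints "xhci: port %s not connected" for both cases, so the output no longer distinguishes a port with no device from one whose device is present but detached. If this path can be driven repeatedly by the guest while a redirected device is detached, the unthrottled fprintf to stderr becomes a log-flooding channel on the host; a trace event, like the trace_usb_xhci_slot_address call just above it, would be a better fit than stderr.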