[Qemu-commits] [qemu/qemu] 278412: usb: fix usb-net segfault


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 278412: usb: fix usb-net segfault
Date: Mon, 11 May 2015 03:00:07 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 278412d0e710e2e848c6e510f8308e5b1ed4d03e
      
https://github.com/qemu/qemu/commit/278412d0e710e2e848c6e510f8308e5b1ed4d03e
  Author: Michal Kazior <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-network.c

  Log Message:
  -----------
  usb: fix usb-net segfault

The dev->config pointer isn't set until the guest
system initializes USB devices (via
usb_desc_set_config). However, qemu networking can
go through some motions prior to that, e.g.:

 #0  is_rndis (s=0x555557261970) at hw/usb/dev-network.c:653
 #1  0x000055555585f723 in usbnet_can_receive (nc=0x55555641e820) at hw/usb/dev-network.c:1315
 #2  0x000055555587635e in qemu_can_send_packet (sender=0x5555572660a0) at net/net.c:470
 #3  0x0000555555878e34 in net_hub_port_can_receive (nc=0x5555562d7800) at net/hub.c:101
 #4  0x000055555587635e in qemu_can_send_packet (sender=0x5555562d7980) at net/net.c:470
 #5  0x000055555587dbca in tap_can_send (opaque=0x5555562d7980) at net/tap.c:172

The command to reproduce most reliably was:

 qemu-system-i386 -usb -device usb-net,vlan=0 -net tap,vlan=0

This wasn't strictly a problem with tap. Other
networking endpoints (vde, user) could trigger
this problem as well.

Fixes: https://bugs.launchpad.net/qemu/+bug/1050823
Cc: address@hidden
Signed-off-by: Michal Kazior <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 4e8cfbe1143d8384387595b500212d7a7f11aeae
      
https://github.com/qemu/qemu/commit/4e8cfbe1143d8384387595b500212d7a7f11aeae
  Author: Gerd Hoffmann <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/hcd-xhci.c

  Log Message:
  -----------
  xhci: set timer to retry xfers

Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 88dbed3f5946b74cf02c1bb0082b8c50037720ea
      
https://github.com/qemu/qemu/commit/88dbed3f5946b74cf02c1bb0082b8c50037720ea
  Author: Gerd Hoffmann <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/hcd-xhci.c

  Log Message:
  -----------
  Revert "xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set"

This makes xhci generate multiple short packet events in case of
multi-trb transfers.  Which is wrong.  We need to fix this in a
different way.

This reverts commit aa6857891df614c620e6e9fc4bc4af6e0e49cafd.

Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: df0f1692db9236a469496cc09fc7bd5faf31efad
      
https://github.com/qemu/qemu/commit/df0f1692db9236a469496cc09fc7bd5faf31efad
  Author: Gerd Hoffmann <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/hcd-xhci.c

  Log Message:
  -----------
  xhci: fix events for setup trb.

When we find an IOC bit set on a setup trb and therefore queue an event,
that should not stop events being generated for following data trbs.
So clear the 'reported' flag.

Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 49184b6253a50385c5e934cc4eb813b79cc956f2
      
https://github.com/qemu/qemu/commit/49184b6253a50385c5e934cc4eb813b79cc956f2
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/hcd-uhci.c

  Log Message:
  -----------
  uhci: QOMify

Cc: Gerd Hoffmann <address@hidden>
Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 0389a0b10967b639ac7444453274b910a4b6f2ed
      
https://github.com/qemu/qemu/commit/0389a0b10967b639ac7444453274b910a4b6f2ed
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-audio.c

  Log Message:
  -----------
  usb: usb-audio QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: a293e82bbef666f66be733993e276998319568e1
      
https://github.com/qemu/qemu/commit/a293e82bbef666f66be733993e276998319568e1
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-bluetooth.c

  Log Message:
  -----------
  usb: usb-bt QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: f56691295e38429bbfe476d57676c53bcb1fd437
      
https://github.com/qemu/qemu/commit/f56691295e38429bbfe476d57676c53bcb1fd437
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-hid.c

  Log Message:
  -----------
  usb: usb-hid QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: e81b13ad94803bf13491bb71c8a76a5d7db9ddf1
      
https://github.com/qemu/qemu/commit/e81b13ad94803bf13491bb71c8a76a5d7db9ddf1
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-hub.c

  Log Message:
  -----------
  usb: usb-hub QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 7c03a899e6e4030a88bd42c4d494e3a7521806ea
      
https://github.com/qemu/qemu/commit/7c03a899e6e4030a88bd42c4d494e3a7521806ea
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-mtp.c

  Log Message:
  -----------
  usb: usb-mtp QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: e60baebd409d547292c778d599111ea1623dd4b5
      
https://github.com/qemu/qemu/commit/e60baebd409d547292c778d599111ea1623dd4b5
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-mtp.c

  Log Message:
  -----------
  usb-mtp: fix segmentation fault

When the x-root property is not configured, a segfault occurs
because of a null pointer access. Add a check for the s->root
property to avoid the segfault.

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: fe47db72210dc17b794954f978ef1d1236cbeb72
      
https://github.com/qemu/qemu/commit/fe47db72210dc17b794954f978ef1d1236cbeb72
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-network.c

  Log Message:
  -----------
  usb: usb-net QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 61b4887b41b270bc837ead57bc502d904af023bb
      
https://github.com/qemu/qemu/commit/61b4887b41b270bc837ead57bc502d904af023bb
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-smartcard-reader.c

  Log Message:
  -----------
  usb: usb-ccid QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 79e2590cbf9887a99a65d2aa62da78c6dfd9cdb8
      
https://github.com/qemu/qemu/commit/79e2590cbf9887a99a65d2aa62da78c6dfd9cdb8
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-storage.c

  Log Message:
  -----------
  usb: usb-storage QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 0b06d099b0ab9b055414508ca55133b200d675f8
      
https://github.com/qemu/qemu/commit/0b06d099b0ab9b055414508ca55133b200d675f8
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-uas.c

  Log Message:
  -----------
  usb: usb-uas QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 924e567e1e6641f4af7e927f9c420cc7b4464073
      
https://github.com/qemu/qemu/commit/924e567e1e6641f4af7e927f9c420cc7b4464073
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-wacom.c

  Log Message:
  -----------
  usb: usb-wacom-tablet QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: d371cbc778e1868b18faa8d6764602b1f4806100
      
https://github.com/qemu/qemu/commit/d371cbc778e1868b18faa8d6764602b1f4806100
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/redirect.c

  Log Message:
  -----------
  usb: usb-redir QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: cdf0d7694d877f19936d7404fd10b580f6e9a9b1
      
https://github.com/qemu/qemu/commit/cdf0d7694d877f19936d7404fd10b580f6e9a9b1
  Author: Gonglei <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/dev-serial.c

  Log Message:
  -----------
  usb: usb-serial QOMify

Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: ca5a21c40d95d7a4e26ea0a304fd2cd8ad4e6ae1
      
https://github.com/qemu/qemu/commit/ca5a21c40d95d7a4e26ea0a304fd2cd8ad4e6ae1
  Author: Gerd Hoffmann <address@hidden>
  Date:   2015-05-08 (Fri, 08 May 2015)

  Changed paths:
    M hw/usb/hcd-uhci.c

  Log Message:
  -----------
  uhci: controller is halted after reset

... and the status register should say so.

Fixes "usbus0: controller did not stop" error printed by FreeBSD.

Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 4ae740cc0e4a123047b40c373e699e28031d420e
      
https://github.com/qemu/qemu/commit/4ae740cc0e4a123047b40c373e699e28031d420e
  Author: Peter Maydell <address@hidden>
  Date:   2015-05-11 (Mon, 11 May 2015)

  Changed paths:
    M hw/usb/dev-audio.c
    M hw/usb/dev-bluetooth.c
    M hw/usb/dev-hid.c
    M hw/usb/dev-hub.c
    M hw/usb/dev-mtp.c
    M hw/usb/dev-network.c
    M hw/usb/dev-serial.c
    M hw/usb/dev-smartcard-reader.c
    M hw/usb/dev-storage.c
    M hw/usb/dev-uas.c
    M hw/usb/dev-wacom.c
    M hw/usb/hcd-uhci.c
    M hw/usb/hcd-xhci.c
    M hw/usb/redirect.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20150508-1' into staging

usb: qomify, bugfixes for xhci & uhci.

# gpg: Signature made Fri May  8 12:39:28 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"

* remotes/kraxel/tags/pull-usb-20150508-1:
  uhci: controller is halted after reset
  usb: usb-serial QOMify
  usb: usb-redir QOMify
  usb: usb-wacom-tablet QOMify
  usb: usb-uas QOMify
  usb: usb-storage QOMify
  usb: usb-ccid QOMify
  usb: usb-net QOMify
  usb-mtp: fix segmentation fault
  usb: usb-mtp QOMify
  usb: usb-hub QOMify
  usb: usb-hid QOMify
  usb: usb-bt QOMify
  usb: usb-audio QOMify
  uhci: QOMify
  xhci: fix events for setup trb.
  Revert "xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set"
  xhci: set timer to retry xfers
  usb: fix usb-net segfault

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/fc85cf4a8199...4ae740cc0e4a
