motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-04 00:03:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

hw/usb/hcd-xhci: Unmap canceled packet

Browse source 
When the Stop Endpoint Command is received, packets running
asynchronously are canceled and then all packets are cleaned up. Packets
running asynchronously hold the DMA mapping so cleaning the packets leak
the mapping. Remove the mapping after canceling packets to fix the leak.

Fixes: 62c6ae04cf ("xhci: Initial xHCI implementation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250418-xhc-v1-1-bb32dab6a67e@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This commit is contained in:
Akihiko Odaki 2025-04-18 14:51:48 +09:00 committed by Philippe Mathieu-Daudé
parent b939b8e42a
commit aca4967567
1 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
hw/usb/hcd-xhci.c
View file

@ -1187,6 +1187,12 @@ static void xhci_ep_free_xfer(XHCITransfer *xfer)
g_free(xfer);
}
static void xhci_xfer_unmap(XHCITransfer *xfer)
{
usb_packet_unmap(&xfer->packet, &xfer->sgl);
qemu_sglist_destroy(&xfer->sgl);
}
static int xhci_ep_nuke_one_xfer(XHCITransfer *t, TRBCCode report)
{
int killed = 0;
@ -1198,6 +1204,7 @@ static int xhci_ep_nuke_one_xfer(XHCITransfer *t, TRBCCode report)
if (t->running_async) {
usb_cancel_packet(&t->packet);
xhci_xfer_unmap(t);
t->running_async = 0;
killed = 1;
}
@ -1480,12 +1487,6 @@ err:
return -1;
}
static void xhci_xfer_unmap(XHCITransfer *xfer)
{
usb_packet_unmap(&xfer->packet, &xfer->sgl);
qemu_sglist_destroy(&xfer->sgl);
}
static void xhci_xfer_report(XHCITransfer *xfer)
{
uint32_t edtla = 0;