qemu/hw/usb
Longpeng 0a076730ad usb/xhci: avoid trigger assertion if guest write wrong epid
we found the following core in our environment:
#0  0x00007fc6b06c2237 in raise ()
#1  0x00007fc6b06c3928 in abort ()
#2  0x00007fc6b06bb056 in __assert_fail_base ()
#3  0x00007fc6b06bb102 in __assert_fail ()
#4  0x0000000000702e36 in xhci_kick_ep (...)
#5  0x000000000047897a in memory_region_write_accessor (...)
#6  0x000000000047767f in access_with_adjusted_size (...)
#7  0x000000000047944d in memory_region_dispatch_write (...)
    (mr=mr@entry=0x7fc6a0138df0, addr=addr@entry=156, data=1648892416,
    size=size@entry=4, attrs=attrs@entry=...)
#8  0x000000000042df17 in address_space_write_continue (...)
#10 0x000000000043084d in address_space_rw (...)
#11 0x000000000047451b in kvm_cpu_exec (cpu=cpu@entry=0x1ab11b0)
#12 0x000000000045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0)
#13 0x0000000000870631 in qemu_thread_start (args=args@entry=0x1acfb50)
#14 0x00000000008959a7 in thread_entry_for_hotfix (pthread_cb=<optimized out>)
#15 0x00007fc6b0a60dd5 in start_thread ()
#16 0x00007fc6b078a59d in clone ()

(gdb) f 5
#5  0x000000000047897a in memory_region_write_accessor (...)
529	    mr->ops->write(mr->opaque, addr, tmp, size);
(gdb) p /x tmp
$9 = 0x62481a00 <-- last byte 0x00 is @epid

xhci_doorbell_write() already checks the upper bound of @slotid and @epid;
it also needs to check the lower bound.

Cc: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Longpeng <longpeng2@huawei.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 1556605301-44112-1-git-send-email-longpeng2@huawei.com

[ kraxel: fixed typo in subject line ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-02 08:40:00 +02:00
bus.c hw/usb/bus.c: Handle "no speed matched" case in usb_mask_to_str() 2019-04-01 08:53:44 +02:00
ccid-card-emulated.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
ccid-card-passthru.c hw/usb: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
ccid.h usb-ccid: convert CCIDCardClass::exitfn() -> unrealize() 2018-01-26 07:59:33 +01:00
chipidea.c usb: Add basic code to emulate Chipidea USB IP 2018-02-09 10:40:30 +00:00
combined-packet.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
core.c usb: remove unnecessary NULL device check from usb_ep_get() 2019-02-20 09:41:23 +01:00
desc-msos.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.h all: Clean up includes 2016-02-23 12:43:05 +00:00
dev-audio.c audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
dev-bluetooth.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
dev-hid.c usb: assign unique serial numbers to hid devices 2019-01-30 06:47:52 +01:00
dev-hub.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
dev-mtp.c usb-mtp: change default to success for usb_mtp_update_object 2019-05-02 08:29:33 +02:00
dev-network.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
dev-serial.c char: allow specifying a GMainContext at opening time 2019-02-13 14:23:39 +01:00
dev-smartcard-reader.c qdev: pass an Object * to qbus_set_hotplug_handler() 2019-02-17 21:54:02 +11:00
dev-storage.c block: Remove deprecated -drive option serial 2018-08-15 12:50:39 +02:00
dev-uas.c Revert "usb: release the created buses" 2018-06-18 09:15:51 +02:00
dev-wacom.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
hcd-ehci-pci.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-ehci-sysbus.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-ehci.c ehci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-ehci.h hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-musb.c usb: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-ohci.c ohci: don't die on ED_LINK_LIMIT overflow 2019-03-26 12:01:45 +01:00
hcd-uhci.c uhci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-xhci-nec.c xhci: split into multiple files 2017-05-29 14:03:35 +02:00
hcd-xhci.c usb/xhci: avoid trigger assertion if guest write wrong epid 2019-05-02 08:40:00 +02:00
hcd-xhci.h usb: implement XHCI underrun/overrun events 2019-01-30 06:47:52 +01:00
host-libusb.c Introduce new "no_guest_reset" parameter for usb-host device 2019-03-07 10:03:54 +01:00
host-stub.c usb: Remove legacy -usbdevice options (host, serial, disk and net) 2018-01-26 07:15:08 +01:00
host.h usb-host: move legacy cmd line bits 2013-02-19 12:30:05 +01:00
Kconfig scsi: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
libhw.c usb: Clean up includes 2016-01-29 15:07:23 +00:00
Makefile.objs build: convert usb.mak to Kconfig 2019-03-07 21:45:53 +01:00
quirks-ftdi-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks-pl2303-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks.c usb: Clean up includes 2016-01-29 15:07:23 +00:00
quirks.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
redirect.c usb: add device checks before redirector calls to usb_ep_get() 2019-02-20 09:41:23 +01:00
trace-events trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
tusb6010.c hw: Remove unused 'hw/devices.h' include 2019-03-07 22:16:11 +01:00
xen-usb.c xen: re-name XenDevice to XenLegacyDevice... 2019-01-14 13:45:40 +00:00