usb-ohci: DMA writeback bug fixes

This patch fixes two bugs in the OHCI device where the device writes
back data to system memory that should be exclusively under the
control of the guest side driver.

In OHCI specification Section 5.2.7, it mentioned "In all cases, Host
Controller Driver is responsible for the insertion and removal of all
Endpoint Descriptors in the various Host Controller Endpoint
Descriptor lists".  In the ohci_frame_boundary(), ohci_put_hcca()
writes the entire hcca back including the interrupt ED lists which
should be under driver control. This violates the specification and
can race with a host driver updating that list at the same time.

Section 4.6 of the OHCI specification, Transfer Descriptor Queue
Processing, states: "Since the TD pointed to by TailP is not accessed
by the HC, the Host Controller Driver can initialize that TD and link
at least one other to it without creating a coherency or
synchronization problem".  However, the function ohci_put_ed() writes
the entire endpoint descriptor back, including the TailP, which should
be under driver control. This violates the specification and can race
with a host driver updating the TD list at the same time.

In each case the solution is to make sure we don't write data which is
under driver control.

Cc: Gerd Hoffman <kraxel@redhat.com>

Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
1 file changed
tree: d77d552348fe1b467b945de52c817252e6c28f15