[pve-devel] [PATCH] usb-desc-fix-user-trigerrable-segfaults

Derumier Alexandre aderumier at odiso.com
Fri Mar 2 09:17:45 CET 2012


Signed-off-by: Derumier Alexandre <aderumier at odiso.com>
---
 debian/patches/series                              |    1 +
 .../usb-desc-fix-user-trigerrable-segfaults.diff   |   76 ++++++++++++++++++++
 2 files changed, 77 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff

diff --git a/debian/patches/series b/debian/patches/series
index af0e823..0bfa296 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ set-max-nics.patch
 pve-auth.patch
 update-target-x86_64.conf-to-rhel6.2-version.patch
 usb-hid-fix-tablet-activation.diff
+usb-desc-fix-user-trigerrable-segfaults.diff
diff --git a/debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff b/debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff
new file mode 100644
index 0000000..37edb74
--- /dev/null
+++ b/debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff
@@ -0,0 +1,76 @@
+From: Alon Levy <alevy at redhat.com>
+
+Check for dev->config being NULL in two places:
+ USB_REQ_GET_CONFIGURATION and USB_REQ_GET_STATUS.
+
+The behavior of USB_REQ_GET_STATUS is unspecified in the Default state,
+that corresponds to dev->config being NULL (it defaults to NULL and is
+reset whenever a SET_CONFIGURATION with value 0, or attachment). I
+implemented it to correspond with the state before
+ed5a83ddd8c1d8ec7b1015315530cf29949e7c48, the commit moving SET_STATUS
+to usb-desc; if dev->config is not set we return whatever is in the
+first configuration.
+
+The behavior of USB_REQ_GET_CONFIGURATION is also undefined before any
+SET_CONFIGURATION, but here we just return 0 (same as specified for the
+Address state).
+
+A win7 guest failed to initialize the device before this patch,
+segfaulting when GET_STATUS was called with dev->config == NULL. With
+this patch the passthrough device still doesn't work but the failure is
+unrelated.
+
+Signed-off-by: Alon Levy <alevy at redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
+---
+ hw/usb-desc.c |   20 +++++++++++++++++---
+ 1 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb-desc.c b/hw/usb-desc.c
+index 3c3ed6a..ccf85ad 100644
+--- a/hw/usb-desc.c
++++ b/hw/usb-desc.c
+@@ -536,7 +536,11 @@ int usb_desc_handle_control(USBDevice *dev, USBPacket *p,
+         break;
+ 
+     case DeviceRequest | USB_REQ_GET_CONFIGURATION:
+-        data[0] = dev->config->bConfigurationValue;
++        /*
++         * 9.4.2: 0 should be returned if the device is unconfigured, otherwise
++         * the non zero value of bConfigurationValue.
++         */
++        data[0] = dev->config ? dev->config->bConfigurationValue : 0;
+         ret = 1;
+         break;
+     case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
+@@ -544,9 +548,18 @@ int usb_desc_handle_control(USBDevice *dev, USBPacket *p,
+         trace_usb_set_config(dev->addr, value, ret);
+         break;
+ 
+-    case DeviceRequest | USB_REQ_GET_STATUS:
++    case DeviceRequest | USB_REQ_GET_STATUS: {
++        const USBDescConfig *config = dev->config ?
++            dev->config : &dev->device->confs[0];
++
+         data[0] = 0;
+-        if (dev->config->bmAttributes & 0x40) {
++        /*
++         * Default state: Device behavior when this request is received while
++         *                the device is in the Default state is not specified.
++         * We return the same value that a configured device would return if
++         * it used the first configuration.
++         */
++        if (config->bmAttributes & 0x40) {
+             data[0] |= 1 << USB_DEVICE_SELF_POWERED;
+         }
+         if (dev->remote_wakeup) {
+@@ -555,6 +568,7 @@ int usb_desc_handle_control(USBDevice *dev, USBPacket *p,
+         data[1] = 0x00;
+         ret = 2;
+         break;
++    }
+     case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
+         if (value == USB_DEVICE_REMOTE_WAKEUP) {
+             dev->remote_wakeup = 0;
+-- 
+1.7.1
-- 
1.7.2.5



More information about the pve-devel mailing list