[pve-devel] [PATCH] usb-desc-fix-user-trigerrable-segfaults
Derumier Alexandre
aderumier at odiso.com
Fri Mar 2 09:17:45 CET 2012
Signed-off-by: Derumier Alexandre <aderumier at odiso.com>
---
debian/patches/series | 1 +
.../usb-desc-fix-user-trigerrable-segfaults.diff | 76 ++++++++++++++++++++
2 files changed, 77 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff
diff --git a/debian/patches/series b/debian/patches/series
index af0e823..0bfa296 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ set-max-nics.patch
pve-auth.patch
update-target-x86_64.conf-to-rhel6.2-version.patch
usb-hid-fix-tablet-activation.diff
+usb-desc-fix-user-trigerrable-segfaults.diff
diff --git a/debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff b/debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff
new file mode 100644
index 0000000..37edb74
--- /dev/null
+++ b/debian/patches/usb-desc-fix-user-trigerrable-segfaults.diff
@@ -0,0 +1,76 @@
+From: Alon Levy <alevy at redhat.com>
+
+Check for dev->config being NULL in two places:
+ USB_REQ_GET_CONFIGURATION and USB_REQ_GET_STATUS.
+
+The behavior of USB_REQ_GET_STATUS is unspecified in the Default state,
+that corresponds to dev->config being NULL (it defaults to NULL and is
+reset whenever a SET_CONFIGURATION with value 0, or attachment). I
+implemented it to correspond with the state before
+ed5a83ddd8c1d8ec7b1015315530cf29949e7c48, the commit moving SET_STATUS
+to usb-desc; if dev->config is not set we return whatever is in the
+first configuration.
+
+The behavior of USB_REQ_GET_CONFIGURATION is also undefined before any
+SET_CONFIGURATION, but here we just return 0 (same as specified for the
+Address state).
+
+A win7 guest failed to initialize the device before this patch,
+segfaulting when GET_STATUS was called with dev->config == NULL. With
+this patch the passthrough device still doesn't work but the failure is
+unrelated.
+
+Signed-off-by: Alon Levy <alevy at redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
+---
+ hw/usb-desc.c | 20 +++++++++++++++++---
+ 1 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb-desc.c b/hw/usb-desc.c
+index 3c3ed6a..ccf85ad 100644
+--- a/hw/usb-desc.c
++++ b/hw/usb-desc.c
+@@ -536,7 +536,11 @@ int usb_desc_handle_control(USBDevice *dev, USBPacket *p,
+ break;
+
+ case DeviceRequest | USB_REQ_GET_CONFIGURATION:
+- data[0] = dev->config->bConfigurationValue;
++ /*
++ * 9.4.2: 0 should be returned if the device is unconfigured, otherwise
++ * the non zero value of bConfigurationValue.
++ */
++ data[0] = dev->config ? dev->config->bConfigurationValue : 0;
+ ret = 1;
+ break;
+ case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
+@@ -544,9 +548,18 @@ int usb_desc_handle_control(USBDevice *dev, USBPacket *p,
+ trace_usb_set_config(dev->addr, value, ret);
+ break;
+
+- case DeviceRequest | USB_REQ_GET_STATUS:
++ case DeviceRequest | USB_REQ_GET_STATUS: {
++ const USBDescConfig *config = dev->config ?
++ dev->config : &dev->device->confs[0];
++
+ data[0] = 0;
+- if (dev->config->bmAttributes & 0x40) {
++ /*
++ * Default state: Device behavior when this request is received while
++ * the device is in the Default state is not specified.
++ * We return the same value that a configured device would return if
++ * it used the first configuration.
++ */
++ if (config->bmAttributes & 0x40) {
+ data[0] |= 1 << USB_DEVICE_SELF_POWERED;
+ }
+ if (dev->remote_wakeup) {
+@@ -555,6 +568,7 @@ int usb_desc_handle_control(USBDevice *dev, USBPacket *p,
+ data[1] = 0x00;
+ ret = 2;
+ break;
++ }
+ case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
+ if (value == USB_DEVICE_REMOTE_WAKEUP) {
+ dev->remote_wakeup = 0;
+--
+1.7.1
--
1.7.2.5
More information about the pve-devel
mailing list