summaryrefslogtreecommitdiff
path: root/hw/usb
diff options
context:
space:
mode:
authorSebastian Bauer <mail@sebastianbauer.info>2018-06-26 00:27:18 +0200
committerGerd Hoffmann <kraxel@redhat.com>2018-07-03 09:49:44 +0200
commit8bb01b257f3398eae059e93bd7c8a3f5f54c5438 (patch)
tree8c03eedd93e3d7022da3fa49d40e628b64b5747a /hw/usb
parentab08440a4ee09032d1a9cb22fdcab23bc7e1c656 (diff)
ehci: Don't fetch a NULL current qtd but advance the queue instead.
Fetching qtd with the NULL address most likely makes no sense so from now on, we handle it this case similarly as if the terminate (T) bit is not set, which is already an exception as according to section 3.6 of the EHCI spec there is no T bit defined for the current_qtd field. The spec is a bit vague on how an EHCI driver should initialize these fields: "The general operational model is that the host controller can detect whether the overlay area contains a description of an active transfer" (p. 49). QEMU primarily uses the QTD_TOKEN_ACTIVE bit of the queue header to infer the activity state but there are other ways conceivable. This change allows QEMU to boot further into AmigaOS. The public available version of the EHCI driver recycles queue heads in some rare conditions but only clears the current_qtd field but not the status field. This works with many available EHCI PCI cards but e.g., not with the Freescale USB controller's found on the P5040. On the emulated EHCI controller of QEMU the consequence is that some garbage was read in, which resulted in a reset of the controller. This change fixes the problem. Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20180625222718.4488-1-mail@sebastianbauer.info Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/usb')
-rw-r--r--hw/usb/hcd-ehci.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 0134232627..e5acfc5ba5 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1672,7 +1672,8 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
ehci_set_state(ehci, async, EST_HORIZONTALQH);
} else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
- (NLPTR_TBIT(q->qh.current_qtd) == 0)) {
+ (NLPTR_TBIT(q->qh.current_qtd) == 0) &&
+ (q->qh.current_qtd != 0)) {
q->qtdaddr = q->qh.current_qtd;
ehci_set_state(ehci, async, EST_FETCHQTD);