From b66ad1f1aa4dba4e8e242ad8339dd01f4ee77c5e Mon Sep 17 00:00:00 2001 From: Hans Petter Selasky Date: Tue, 23 Aug 2016 13:39:49 +0200 Subject: [PATCH 1/5] xhci: Fix remainder field for TR_SETUP completion event. Previously the code would incorrectly report the remainder as 8 bytes. A remainder of 0 bytes should be reported when the SETUP packet is successfully transferred. Found using FreeBSD's XHCI driver. Signed-off-by: Hans Petter Selasky [ kraxel: codestyle fixup ] Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-xhci.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 188f95416a..37c14938a7 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -1753,6 +1753,12 @@ static void xhci_xfer_report(XHCITransfer *xfer) unsigned int chunk = 0; switch (TRB_TYPE(*trb)) { + case TR_SETUP: + chunk = trb->status & 0x1ffff; + if (chunk > 8) { + chunk = 8; + } + break; case TR_DATA: case TR_NORMAL: case TR_ISOCH: From 6a71123469e0c9286354c6655440da51566c1763 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 9 Sep 2016 09:41:30 +0200 Subject: [PATCH 2/5] usb-host: fix streams detection in usb_host_speed_compat The companion descriptor is present on all usb3 devices, not only those with streams support. We need to check attributes to see whenever the device uses streams or not. Signed-off-by: Gerd Hoffmann Message-id: 1473406890-30164-1-git-send-email-kraxel@redhat.com --- hw/usb/host-libusb.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index e94672c155..bd81d71a98 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -743,10 +743,13 @@ static void usb_host_speed_compat(USBHostDevice *s) rc = libusb_get_ss_endpoint_companion_descriptor (ctx, endp, &endp_ss_comp); if (rc == LIBUSB_SUCCESS) { + int streams = endp_ss_comp->bmAttributes & 0x1f; + if (streams) { + compat_full = false; + compat_high = false; + } libusb_free_ss_endpoint_companion_descriptor (endp_ss_comp); - compat_full = false; - compat_high = false; } #endif break; From b53dd4495ced2432a0b652ea895e651d07336f7e Mon Sep 17 00:00:00 2001 From: Li Qiang Date: Tue, 13 Sep 2016 03:20:03 -0700 Subject: [PATCH 3/5] usb:xhci:fix memory leak in usb_xhci_exit If the xhci uses msix, it doesn't free the corresponding memory, thus leading a memory leak. This patch avoid this. Signed-off-by: Li Qiang Message-id: 57d7d2e0.d4301c0a.d13e9.9a55@mx.google.com Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-xhci.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 37c14938a7..726435c462 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -3715,8 +3715,7 @@ static void usb_xhci_exit(PCIDevice *dev) /* destroy msix memory region */ if (dev->msix_table && dev->msix_pba && dev->msix_entry_used) { - memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio); - memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio); + msix_uninit(dev, &xhci->mem, &xhci->mem); } usb_bus_release(&xhci->bus); From 8a5865f331028e66b4ed233129d7a914c2d5bfc7 Mon Sep 17 00:00:00 2001 From: Isaac Lozano <109lozanoi@gmail.com> Date: Sat, 6 Aug 2016 03:06:01 -0700 Subject: [PATCH 4/5] usb-mtp: fix sending files larger than 4gb MTP requires that if a file is larger than 4gb or if sending data larger than 4gb, that the length field be set to 0xFFFFFFFF. Also widened a couple variables to prevent overflow errors. Signed-off-by: Isaac Lozano <109lozanoi@gmail.com> Message-id: 01ad8ec7775f58575801ac3f13716f553a16815e.1470477265.git.109lozanoi@gmail.com Signed-off-by: Gerd Hoffmann --- hw/usb/dev-mtp.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 1be85ae75a..869d244530 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -115,8 +115,8 @@ struct MTPControl { struct MTPData { uint16_t code; uint32_t trans; - uint32_t offset; - uint32_t length; + uint64_t offset; + uint64_t length; uint32_t alloc; uint8_t *data; bool first; @@ -883,7 +883,12 @@ static MTPData *usb_mtp_get_object_info(MTPState *s, MTPControl *c, usb_mtp_add_u32(d, QEMU_STORAGE_ID); usb_mtp_add_u16(d, o->format); usb_mtp_add_u16(d, 0); - usb_mtp_add_u32(d, o->stat.st_size); + + if (o->stat.st_size > 0xFFFFFFFF) { + usb_mtp_add_u32(d, 0xFFFFFFFF); + } else { + usb_mtp_add_u32(d, o->stat.st_size); + } usb_mtp_add_u16(d, 0); usb_mtp_add_u32(d, 0); @@ -1193,10 +1198,15 @@ static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p) } if (s->data_in != NULL) { MTPData *d = s->data_in; - int dlen = d->length - d->offset; + uint64_t dlen = d->length - d->offset; if (d->first) { trace_usb_mtp_data_in(s->dev.addr, d->trans, d->length); - container.length = cpu_to_le32(d->length + sizeof(container)); + if (d->length + sizeof(container) > 0xFFFFFFFF) { + container.length = cpu_to_le32(0xFFFFFFFF); + } else { + container.length = + cpu_to_le32(d->length + sizeof(container)); + } container.type = cpu_to_le16(TYPE_DATA); container.code = cpu_to_le16(d->code); container.trans = cpu_to_le32(d->trans); From 67f3ef0c7a149a4e92b877375f771e065ae58651 Mon Sep 17 00:00:00 2001 From: Isaac Lozano <109lozanoi@gmail.com> Date: Sat, 6 Aug 2016 03:06:02 -0700 Subject: [PATCH 5/5] usb-mtp: added object properties Windows uses object properties to determine the size of a file, so to add object properties, we must also add a minimum set of new commands and object properties. Most object properties are data that we already have, except for the unique persistant object identifier. Windows doesn't use this property, it seems, so we can cheat a bit and just use the object handle for it. Signed-off-by: Isaac Lozano <109lozanoi@gmail.com> Message-id: a741d0dd380cd7eb1695e1eb34ee6f341183f20a.1470477265.git.109lozanoi@gmail.com Signed-off-by: Gerd Hoffmann --- hw/usb/dev-mtp.c | 177 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 869d244530..58d95fffb2 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -48,6 +48,9 @@ enum mtp_code { CMD_GET_OBJECT_INFO = 0x1008, CMD_GET_OBJECT = 0x1009, CMD_GET_PARTIAL_OBJECT = 0x101b, + CMD_GET_OBJECT_PROPS_SUPPORTED = 0x9801, + CMD_GET_OBJECT_PROP_DESC = 0x9802, + CMD_GET_OBJECT_PROP_VALUE = 0x9803, /* response codes */ RES_OK = 0x2001, @@ -59,10 +62,12 @@ enum mtp_code { RES_INCOMPLETE_TRANSFER = 0x2007, RES_INVALID_STORAGE_ID = 0x2008, RES_INVALID_OBJECT_HANDLE = 0x2009, + RES_INVALID_OBJECT_FORMAT_CODE = 0x200b, RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014, RES_INVALID_PARENT_OBJECT = 0x201a, RES_INVALID_PARAMETER = 0x201d, RES_SESSION_ALREADY_OPEN = 0x201e, + RES_INVALID_OBJECT_PROP_CODE = 0xA801, /* format codes */ FMT_UNDEFINED_OBJECT = 0x3000, @@ -72,6 +77,22 @@ enum mtp_code { EVT_OBJ_ADDED = 0x4002, EVT_OBJ_REMOVED = 0x4003, EVT_OBJ_INFO_CHANGED = 0x4007, + + /* object properties */ + PROP_STORAGE_ID = 0xDC01, + PROP_OBJECT_FORMAT = 0xDC02, + PROP_OBJECT_COMPRESSED_SIZE = 0xDC04, + PROP_PARENT_OBJECT = 0xDC0B, + PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER = 0xDC41, + PROP_NAME = 0xDC44, +}; + +enum mtp_data_type { + DATA_TYPE_UINT16 = 0x0004, + DATA_TYPE_UINT32 = 0x0006, + DATA_TYPE_UINT64 = 0x0008, + DATA_TYPE_UINT128 = 0x000a, + DATA_TYPE_STRING = 0xffff, }; typedef struct { @@ -778,6 +799,9 @@ static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c) CMD_GET_OBJECT_INFO, CMD_GET_OBJECT, CMD_GET_PARTIAL_OBJECT, + CMD_GET_OBJECT_PROPS_SUPPORTED, + CMD_GET_OBJECT_PROP_DESC, + CMD_GET_OBJECT_PROP_VALUE, }; static const uint16_t fmt[] = { FMT_UNDEFINED_OBJECT, @@ -971,6 +995,122 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c, return d; } +static MTPData *usb_mtp_get_object_props_supported(MTPState *s, MTPControl *c) +{ + static const uint16_t props[] = { + PROP_STORAGE_ID, + PROP_OBJECT_FORMAT, + PROP_OBJECT_COMPRESSED_SIZE, + PROP_PARENT_OBJECT, + PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER, + PROP_NAME, + }; + MTPData *d = usb_mtp_data_alloc(c); + usb_mtp_add_u16_array(d, ARRAY_SIZE(props), props); + + return d; +} + +static MTPData *usb_mtp_get_object_prop_desc(MTPState *s, MTPControl *c) +{ + MTPData *d = usb_mtp_data_alloc(c); + switch (c->argv[0]) { + case PROP_STORAGE_ID: + usb_mtp_add_u16(d, PROP_STORAGE_ID); + usb_mtp_add_u16(d, DATA_TYPE_UINT32); + usb_mtp_add_u8(d, 0x00); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u8(d, 0x00); + break; + case PROP_OBJECT_FORMAT: + usb_mtp_add_u16(d, PROP_OBJECT_FORMAT); + usb_mtp_add_u16(d, DATA_TYPE_UINT16); + usb_mtp_add_u8(d, 0x00); + usb_mtp_add_u16(d, 0x0000); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u8(d, 0x00); + break; + case PROP_OBJECT_COMPRESSED_SIZE: + usb_mtp_add_u16(d, PROP_OBJECT_COMPRESSED_SIZE); + usb_mtp_add_u16(d, DATA_TYPE_UINT64); + usb_mtp_add_u8(d, 0x00); + usb_mtp_add_u64(d, 0x0000000000000000); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u8(d, 0x00); + break; + case PROP_PARENT_OBJECT: + usb_mtp_add_u16(d, PROP_PARENT_OBJECT); + usb_mtp_add_u16(d, DATA_TYPE_UINT32); + usb_mtp_add_u8(d, 0x00); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u8(d, 0x00); + break; + case PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER: + usb_mtp_add_u16(d, PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER); + usb_mtp_add_u16(d, DATA_TYPE_UINT128); + usb_mtp_add_u8(d, 0x00); + usb_mtp_add_u64(d, 0x0000000000000000); + usb_mtp_add_u64(d, 0x0000000000000000); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u8(d, 0x00); + break; + case PROP_NAME: + usb_mtp_add_u16(d, PROP_NAME); + usb_mtp_add_u16(d, DATA_TYPE_STRING); + usb_mtp_add_u8(d, 0x00); + usb_mtp_add_u8(d, 0x00); + usb_mtp_add_u32(d, 0x00000000); + usb_mtp_add_u8(d, 0x00); + break; + default: + usb_mtp_data_free(d); + return NULL; + } + + return d; +} + +static MTPData *usb_mtp_get_object_prop_value(MTPState *s, MTPControl *c, + MTPObject *o) +{ + MTPData *d = usb_mtp_data_alloc(c); + switch (c->argv[1]) { + case PROP_STORAGE_ID: + usb_mtp_add_u32(d, QEMU_STORAGE_ID); + break; + case PROP_OBJECT_FORMAT: + usb_mtp_add_u16(d, o->format); + break; + case PROP_OBJECT_COMPRESSED_SIZE: + usb_mtp_add_u64(d, o->stat.st_size); + break; + case PROP_PARENT_OBJECT: + if (o->parent == NULL) { + usb_mtp_add_u32(d, 0x00000000); + } else { + usb_mtp_add_u32(d, o->parent->handle); + } + break; + case PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER: + /* Should be persistant between sessions, + * but using our objedt ID is "good enough" + * for now */ + usb_mtp_add_u64(d, 0x0000000000000000); + usb_mtp_add_u64(d, o->handle); + break; + case PROP_NAME: + usb_mtp_add_str(d, o->name); + break; + default: + usb_mtp_data_free(d); + return NULL; + } + + return d; +} + static void usb_mtp_command(MTPState *s, MTPControl *c) { MTPData *data_in = NULL; @@ -1118,6 +1258,43 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) nres = 1; res0 = data_in->length; break; + case CMD_GET_OBJECT_PROPS_SUPPORTED: + if (c->argv[0] != FMT_UNDEFINED_OBJECT && + c->argv[0] != FMT_ASSOCIATION) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE, + c->trans, 0, 0, 0); + return; + } + data_in = usb_mtp_get_object_props_supported(s, c); + break; + case CMD_GET_OBJECT_PROP_DESC: + if (c->argv[1] != FMT_UNDEFINED_OBJECT && + c->argv[1] != FMT_ASSOCIATION) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE, + c->trans, 0, 0, 0); + return; + } + data_in = usb_mtp_get_object_prop_desc(s, c); + if (data_in == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE, + c->trans, 0, 0, 0); + return; + } + break; + case CMD_GET_OBJECT_PROP_VALUE: + o = usb_mtp_object_lookup(s, c->argv[0]); + if (o == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + c->trans, 0, 0, 0); + return; + } + data_in = usb_mtp_get_object_prop_value(s, c, o); + if (data_in == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE, + c->trans, 0, 0, 0); + return; + } + break; default: trace_usb_mtp_op_unknown(s->dev.addr, c->code); usb_mtp_queue_result(s, RES_OPERATION_NOT_SUPPORTED,