diff options
| author | Gerd Hoffmann <kraxel@redhat.com> | 2012-12-14 13:10:39 +0100 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2013-01-07 12:57:24 +0100 |
| commit | a820b575787ac0b6b274b6a89aa6ef9813b4c782 (patch) | |
| tree | 817aa4a20eebc3f253d5ae9e6062bff979acfa37 | |
| parent | e97f0aca796fb949f9d34c50603511048a52b39b (diff) | |
| download | qemu-a820b575787ac0b6b274b6a89aa6ef9813b4c782.tar.gz | |
xhci: call set-address with dummy usbpacket
Due to the way devices are addressed with xhci (done by hardware, not
the guest os) there is no packet when invoking the set-address control
request. Create a dummy packet in that case to avoid null pointer
dereferences.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| -rw-r--r-- | hw/usb/hcd-xhci.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 40542b8d05..9132920932 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -1970,13 +1970,18 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid, if (bsr) { slot_ctx[3] = SLOT_DEFAULT << SLOT_STATE_SHIFT; } else { + USBPacket p; slot->devaddr = xhci->devaddr++; slot_ctx[3] = (SLOT_ADDRESSED << SLOT_STATE_SHIFT) | slot->devaddr; DPRINTF("xhci: device address is %d\n", slot->devaddr); usb_device_reset(dev); - usb_device_handle_control(dev, NULL, + usb_packet_setup(&p, USB_TOKEN_OUT, + usb_ep_get(dev, USB_TOKEN_OUT, 0), + 0, false, false); + usb_device_handle_control(dev, &p, DeviceOutRequest | USB_REQ_SET_ADDRESS, slot->devaddr, 0, 0, NULL); + assert(p.status != USB_RET_ASYNC); } res = xhci_enable_ep(xhci, slotid, 1, octx+32, ep0_ctx); |