Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160321-1' into staging

usb: bugfix collection. # gpg: Signature made Mon 21 Mar 2016 11:07:39 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-usb-20160321-1: usb: ehci: add capability mmio write function hw/usb/dev-mtp: Guard inotify usage with CONFIG_INOTIFY1 usb: fix unbound stack warning for inotify_watchfn usb: fix unbound stack usage for usb_mtp_add_str usb: fix unbounded stack warning for xhci_dma_write_u32s usb: Fix compilation for Windows Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
author: Peter Maydell <peter.maydell@linaro.org> 2016-03-22 16:42:06 +0000
committer: Peter Maydell <peter.maydell@linaro.org> 2016-03-22 16:42:06 +0000
commit: ac0d25e843bdad441db2a26f78898f533bf91bb5 (patch)
tree: 8aba27d380262f23b2d2a8fc9d156cb706f89800
parent: 9fa570d57e44e065b663715400eafc60fe66e005 (diff)
parent: dff0367cf66f489aa772320fa2937a8cac1ca30d (diff)
4 files changed, 28 insertions, 17 deletions
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 7391783193..ee2071f3d5 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -14,7 +14,7 @@
 #include <dirent.h>
 
 #include <sys/statvfs.h>
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
 #include <sys/inotify.h>
 #include "qemu/main-loop.h"
 #endif
@@ -92,7 +92,7 @@ enum {
     EP_EVENT,
 };
 
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
 typedef struct MTPMonEntry MTPMonEntry;
 
 struct MTPMonEntry {
@@ -127,7 +127,7 @@ struct MTPObject {
     char         *name;
     char         *path;
     struct stat  stat;
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
     /* inotify watch cookie */
     int          watchfd;
 #endif
@@ -152,7 +152,7 @@ struct MTPState {
     uint32_t     next_handle;
 
     QTAILQ_HEAD(, MTPObject) objects;
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
     /* inotify descriptor */
     int          inotifyfd;
     QTAILQ_HEAD(events, MTPMonEntry) events;
@@ -400,7 +400,7 @@ static MTPObject *usb_mtp_add_child(MTPState *s, MTPObject *o,
     return child;
 }
 
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
 static MTPObject *usb_mtp_object_lookup_name(MTPObject *parent,
                                              char *name, int len)
 {
@@ -433,12 +433,11 @@ static void inotify_watchfn(void *arg)
     MTPState *s = arg;
     ssize_t bytes;
     /* From the man page: atleast one event can be read */
-    int len = sizeof(struct inotify_event) + NAME_MAX + 1;
     int pos;
-    char buf[len];
+    char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
 
     for (;;) {
-        bytes = read(s->inotifyfd, buf, len);
+        bytes = read(s->inotifyfd, buf, sizeof(buf));
         pos = 0;
 
         if (bytes <= 0) {
@@ -593,7 +592,7 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
     if (!dir) {
         return;
     }
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
     int watchfd = usb_mtp_add_watch(s->inotifyfd, o->path);
     if (watchfd == -1) {
         fprintf(stderr, "usb-mtp: failed to add watch for %s\n", o->path);
@@ -718,7 +717,7 @@ static void usb_mtp_add_wstr(MTPData *data, const wchar_t *str)
 static void usb_mtp_add_str(MTPData *data, const char *str)
 {
     uint32_t len = strlen(str)+1;
-    wchar_t wstr[len];
+    wchar_t *wstr = g_new(wchar_t, len);
     size_t ret;
 
     ret = mbstowcs(wstr, str, len);
@@ -727,6 +726,8 @@ static void usb_mtp_add_str(MTPData *data, const char *str)
     } else {
         usb_mtp_add_wstr(data, wstr);
     }
+
+    g_free(wstr);
 }
 
 static void usb_mtp_add_time(MTPData *data, time_t time)
@@ -995,7 +996,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c)
         trace_usb_mtp_op_open_session(s->dev.addr);
         s->session = c->argv[0];
         usb_mtp_object_alloc(s, s->next_handle++, NULL, s->root);
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
         if (usb_mtp_inotify_init(s)) {
             fprintf(stderr, "usb-mtp: file monitoring init failed\n");
         }
@@ -1005,7 +1006,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c)
         trace_usb_mtp_op_close_session(s->dev.addr);
         s->session = 0;
         s->next_handle = 0;
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
         usb_mtp_inotify_cleanup(s);
 #endif
         usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
@@ -1133,7 +1134,7 @@ static void usb_mtp_handle_reset(USBDevice *dev)
 
     trace_usb_mtp_reset(s->dev.addr);
 
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
     usb_mtp_inotify_cleanup(s);
 #endif
     usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
@@ -1296,7 +1297,7 @@ static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p)
         }
         break;
     case EP_EVENT:
-#ifdef __linux__
+#ifdef CONFIG_INOTIFY1
         if (!QTAILQ_EMPTY(&s->events)) {
             struct MTPMonEntry *e = QTAILQ_LAST(&s->events, events);
             uint32_t handle;
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 1b50601fc1..0f95d0d284 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -895,6 +895,11 @@ static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
     return s->caps[addr];
 }
 
+static void ehci_caps_write(void *ptr, hwaddr addr,
+                             uint64_t val, unsigned size)
+{
+}
+
 static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
                                 unsigned size)
 {
@@ -2315,6 +2320,7 @@ static void ehci_frame_timer(void *opaque)
 
 static const MemoryRegionOps ehci_mmio_caps_ops = {
     .read = ehci_caps_read,
+    .write = ehci_caps_write,
     .valid.min_access_size = 1,
     .valid.max_access_size = 4,
     .impl.min_access_size = 1,
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 44b6f8c03d..bcde8a2f48 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -698,11 +698,13 @@ static inline void xhci_dma_write_u32s(XHCIState *xhci, dma_addr_t addr,
                                        uint32_t *buf, size_t len)
 {
     int i;
-    uint32_t tmp[len / sizeof(uint32_t)];
+    uint32_t tmp[5];
+    uint32_t n = len / sizeof(uint32_t);
 
     assert((len % sizeof(uint32_t)) == 0);
+    assert(n <= ARRAY_SIZE(tmp));
 
-    for (i = 0; i < (len / sizeof(uint32_t)); i++) {
+    for (i = 0; i < n; i++) {
         tmp[i] = cpu_to_le32(buf[i]);
     }
     pci_dma_write(PCI_DEVICE(xhci), addr, tmp, len);
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 38a539311b..cbcc218183 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -34,12 +34,14 @@
 #include "qemu/iov.h"
 #include "sysemu/char.h"
 
-#include <sys/ioctl.h>
 #include <usbredirparser.h>
 #include <usbredirfilter.h>
 
 #include "hw/usb.h"
 
+/* ERROR is defined below. Remove any previous definition. */
+#undef ERROR
+
 #define MAX_ENDPOINTS 32
 #define NO_INTERFACE_INFO 255 /* Valid interface_count always <= 32 */
 #define EP2I(ep_address) (((ep_address & 0x80) >> 3) | (ep_address & 0x0f))
author	Peter Maydell <peter.maydell@linaro.org>	2016-03-22 16:42:06 +0000
committer	Peter Maydell <peter.maydell@linaro.org>	2016-03-22 16:42:06 +0000
commit	ac0d25e843bdad441db2a26f78898f533bf91bb5 (patch)
tree	8aba27d380262f23b2d2a8fc9d156cb706f89800
parent	9fa570d57e44e065b663715400eafc60fe66e005 (diff)
parent	dff0367cf66f489aa772320fa2937a8cac1ca30d (diff)