diff mbox

usb: xhci: break loop after ctrl transfer complete

Message ID 20170213075558.786-1-ppandit@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Prasad Pandit Feb. 13, 2017, 7:55 a.m. UTC 
From: Prasad J Pandit <pjp@fedoraproject.org>

xHCI controller emulator loops through the transfer ring to
transfer control/data between host memory and device endpoints.
It continues to do so after processing 'Status Stage' TD which
is the last descriptor in control transfer. Add break to avoid
infinite loop.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/usb/hcd-xhci.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Gerd Hoffmann Feb. 13, 2017, 1:28 p.m. UTC | #1 
On Mo, 2017-02-13 at 13:25 +0530, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
> 
> xHCI controller emulator loops through the transfer ring to
> transfer control/data between host memory and device endpoints.
> It continues to do so after processing 'Status Stage' TD which
> is the last descriptor in control transfer.

That is perfectly fine.  The guest is allowed to queue up multiple
requests.

> Add break to avoid
> infinite loop.

It's not that simple.

https://patchwork.ozlabs.org/patch/724484/

cheers,
  Gerd
diff mbox

Patch

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 54b3901..7e2d345 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -2252,6 +2252,7 @@  static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
         if (xfer->complete) {
             xhci_ep_free_xfer(xfer);
             xfer = NULL;
+            break;
         }
 
         if (epctx->state == EP_HALTED) {