If the supplied speed data doesn't match the device speed,
return CC_PARAMETER_ERROR. See 6.2.2.1 of the xhci spec.
Signed-off-by: Sebastian Bauer <m...@sebastianbauer.info>
---
Changes v1->v2: Added description to the patch
hw/usb/hcd-xhci.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 37b3dbb..32a3681 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1822,6 +1822,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci,
unsigned int slotid,
uint32_t ictl_ctx[2];
uint32_t slot_ctx[4];
uint32_t ep0_ctx[5];
+ uint32_t speed;
int i;
TRBCCode res;
@@ -1865,6 +1866,15 @@ static TRBCCode xhci_address_slot(XHCIState *xhci,
unsigned int slotid,
return CC_USB_TRANSACTION_ERROR;
}
+ /* Check for validness of the input contexts, see 6.2.2.1 */
+ speed = (slot_ctx[0] >> 20) & 0xf;
+ if (speed != uport->dev->speed + 1)
+ {
+ fprintf(stderr,"xhci: invalid device speed in slot context for slot %u
(expected %d, got %d).\n",
+ slotid, uport->dev->speed+1, speed);
+ return CC_PARAMETER_ERROR;
+ }
+
for (i = 0; i < MAXSLOTS; i++) {
if (xhci->slots[i].uport == uport) {
fprintf(stderr, "xhci: port %s already assigned to slot %d\n",
--
1.7.10.4
