Hi,
> I looked through the QEMU hcd-uhci.c code, and I think QEMU is buggy
> here. QEMU keeps a mapping of queues that are indexed by the usb
> device address and endpoint (see uhci_queue_new() ). When the usb
> device has address 0, it creates an entry in this mapping and the
> entry remains even after the device is given a new address. Later,
> when the next device also has address 0, QEMU attempts to use that
> mapping even though the 0 address now corresponds with a different
> device.
Nice spotting. Does the attached patch help?
cheers,
Gerd
>From 42568e8e4812df944abcac27adefdf518ae1361e Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kra...@redhat.com>
Date: Tue, 4 Feb 2014 09:57:36 +0100
Subject: [PATCH] uhci: don't cache queues for addr 0 control transfers.
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
hw/usb/hcd-uhci.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index 238d1d2..11ebb9f 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -253,6 +253,10 @@ static bool uhci_queue_verify(UHCIQueue *queue, uint32_t qh_addr, UHCI_TD *td,
{
UHCIAsync *first = QTAILQ_FIRST(&queue->asyncs);
+ if (queue->ep->nr == 0 && queue->ep->dev->addr == 0 &&
+ queue->ep->dev->setup_state == 0 /* SETUP_STATE_IDLE */)
+ return false;
+
return queue->qh_addr == qh_addr &&
queue->token == uhci_queue_token(td) &&
(queuing || !(td->ctrl & TD_CTRL_ACTIVE) || first == NULL ||
--
1.8.3.1
_______________________________________________
SeaBIOS mailing list
SeaBIOS@seabios.org
http://www.seabios.org/mailman/listinfo/seabios
