Changeset 105209 in vbox for trunk/src/VBox/Devices/USB

Timestamp:

Jul 9, 2024 7:19:57 AM (5 months ago)

Author:

vboxsync

Message:

Devices/USB/DevEHCI: Adjust padding for the ITD, bugref:10709

File:

• trunk/src/VBox/Devices/USB/DevEHCI.cpp (modified) (13 diffs)

trunk/src/VBox/Devices/USB/DevEHCI.cpp

@@ -162 +162 @@
     RTGCPHYS        TdAddr;
     /** A copy of the TD. */
-    uint32_t        TdCopy[16];
+    uint32_t        TdCopy[18];
 } VUSBURBHCITDINT;
 
@@ -527 +527 @@
 /** @} */
 
-/* ITD with extra padding to add 8th 'Buffer' entry. The PG member of
+/* ITD with extra padding to add 8th and 9th 'Buffer' entry. The PG member of
  * EHCI_ITD_TRANSACTION can contain values in the 0-7 range, but only values
  * 0-6 are valid. The extra padding is added to avoid cluttering the code
  * with range checks; ehciR3ReadItd() initializes the pad with a safe value.
  * The EHCI 1.0 specification explicitly says using PG value of 7 yields
- * undefined behavior.
+ * undefined behavior. Two pad entries are needed because initial PG value
+ * of 7 (already 'wrong') can cross to the next page (8).
  */
 typedef struct
 {
-    EHCI_ITD         itd;
-    EHCI_BUFFER_PTR  pad;
+    EHCI_TD_PTR             Next;
+    EHCI_ITD_TRANSACTION    Transaction[EHCI_NUM_ITD_TRANSACTIONS];
+    union
+    {
+        EHCI_ITD_MISC       Misc;
+        EHCI_BUFFER_PTR     Buffer[EHCI_NUM_ITD_PAGES + 2];
+    } Buffer;
 } EHCI_ITD_PAD, *PEHCI_ITD_PAD;
-AssertCompileSize(EHCI_ITD_PAD, 0x44);
+AssertCompileSize(EHCI_ITD_PAD, 0x48);
 
 /** @name Split Transaction Isochronous Transfer Descriptor (siTD)
@@ -1472 +1478 @@
 {
     ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pPItd, sizeof(EHCI_ITD) >> 2);
-    pPItd->pad.Pointer = 0xFFFFF;   /* Direct accesses at the last page under 4GB (ROM). */
+    pPItd->Buffer.Buffer[7].Pointer = 0xFFFFF;  /* Direct ill-defined accesses to the last page under 4GB (ROM). */
+    pPItd->Buffer.Buffer[8].Pointer = 0xFFFFF;
 }
 
@@ -1480 +1487 @@
 }
 
-DECLINLINE(void) ehciR3WriteItd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_ITD pItd)
+DECLINLINE(void) ehciR3WriteItd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_ITD_PAD pItd)
 {
     /** @todo might need to be careful about write order in async io thread */
@@ -1491 +1498 @@
     Assert(!(offWrite % sizeof(uint32_t)));
 
-    ehciPutDWords(pDevIns, GCPhys + offWrite, (uint32_t *)pItd + offDWordsWrite,  (sizeof(*pItd) >> 2) - offDWordsWrite);
+    ehciPutDWords(pDevIns, GCPhys + offWrite, (uint32_t *)pItd + offDWordsWrite,  (sizeof(EHCI_ITD) >> 2) - offDWordsWrite);
 }
 
@@ -1759 +1766 @@
         /* Read the whole ITD */
         EHCI_ITD_PAD    PaddedItd;
-        PEHCI_ITD       pItd = &PaddedItd.itd;
+        PEHCI_ITD_PAD   pItd = &PaddedItd;
         ehciR3ReadItd(pDevIns, GCPhys, &PaddedItd);
 
@@ -2029 +2036 @@
  * @param   pItd        The ITD pointer.
  */
-static bool ehciR3ItdHasUrbBeenCanceled(PEHCICC pThisCC, PVUSBURB pUrb, PEHCI_ITD pItd)
+static bool ehciR3ItdHasUrbBeenCanceled(PEHCICC pThisCC, PVUSBURB pUrb, PEHCI_ITD_PAD pItd)
 {
     RT_NOREF(pThisCC);
@@ -2253 +2260 @@
     /* Read the whole ITD */
     EHCI_ITD_PAD  PaddedItd;
-    PEHCI_ITD     pItd = &PaddedItd.itd;
+    PEHCI_ITD_PAD pItd = &PaddedItd;
     ehciR3ReadItd(pDevIns, pUrb->paTds[0].TdAddr, &PaddedItd);
 
@@ -2324 +2331 @@
                             ehciPhysWrite(pDevIns, GCPhysBuf, pb, cb1);
                             if ((pg + 1) >= EHCI_NUM_ITD_PAGES)
-                               LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on completion.\n", pg + 1, pUrb->paTds[0].TdAddr));
+                               LogRelMax(10, ("EHCI: Crossing to nonstandard page %d in iTD at %RGp on completion.\n", pg + 1, pUrb->paTds[0].TdAddr));
 
                             GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
@@ -2791 +2798 @@
  */
 static bool ehciR3SubmitITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
-                            PEHCI_ITD pItd, RTGCPHYS ITdAddr, const unsigned iFrame)
+                            PEHCI_ITD_PAD pItd, RTGCPHYS ITdAddr, const unsigned iFrame)
 {
     /*
@@ -2876 +2883 @@
                     ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], cb1);
                     if ((pg + 1) >= EHCI_NUM_ITD_PAGES)
-                       LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on submit.\n", pg + 1, pUrb->paTds[0].TdAddr));
+                       LogRelMax(10, ("EHCI: Crossing to nonstandard page %d in iTD at %RGp on submit.\n", pg + 1, pUrb->paTds[0].TdAddr));
 
                     GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
@@ -2933 +2940 @@
     bool          fAnyActive = false;
     EHCI_ITD_PAD  PaddedItd;
-    PEHCI_ITD     pItd = &PaddedItd.itd;
+    PEHCI_ITD_PAD pItd = &PaddedItd;
 
     if (ehciR3IsTdInFlight(pThisCC, GCPhys))
@@ -2954 +2961 @@
                  * the last page below 4GB (which is ROM, not writable).
                  */
-                LogRelMax(10, ("EHCI: Illegal page value %d in iTD at %RGp.\n", pItd->Transaction[i].PG, (RTGCPHYS)GCPhys));
+                LogRelMax(10, ("EHCI: Nonstandard page value %d in iTD at %RGp.\n", pItd->Transaction[i].PG, (RTGCPHYS)GCPhys));
             }