Package: qemu-kvm
Version: 1.0+dfsg-12
Severity: normal
Tags: patch

Dear Maintainer,

qemu-kvm stops parsing the USB descriptor table when it sees an
alternative interface entry that doesn't match the guest's currently
set request, which prevents the guest from communicating with any
device using an alternative interface other than zero.  More details
are in the quilt patch header.

>From f17082f0d29b02310af09ed81b6af5d2a3a914f9 Mon Sep 17 00:00:00 2001
From: David Fries <da...@fries.net>
Date: Thu, 26 Apr 2012 19:50:57 -0500
Subject: [PATCH] patch to better parse usb alt_interfaces

This is needed until the upstream qemu fixes trickle down.
---
 debian/patches/series                  |    1 +
 debian/patches/usb_alt_int_fixup.patch |  108 ++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/usb_alt_int_fixup.patch

diff --git a/debian/patches/series b/debian/patches/series
index 5c0b5b4..dddc264 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ run-pod2man-with-utf8-option-to-enable-utf8-in-manpa.patch
 slirp:-signal-free-input-buffer-space-to-io-thread.patch
 pci-fix-corrupted-pci-conf-index-register-by-unaligned-write.patch
 disable-hpet-for-tcg.patch
+usb_alt_int_fixup.patch
diff --git a/debian/patches/usb_alt_int_fixup.patch b/debian/patches/usb_alt_int_fixup.patch
new file mode 100644
index 0000000..919a761
--- /dev/null
+++ b/debian/patches/usb_alt_int_fixup.patch
@@ -0,0 +1,108 @@
+patch to better parse usb alt_interfaces
+
+If a device has multiple alternative interfaces updated_endp_table
+breaks with "invalid descriptor data", because if it sees an
+interface that doesn't match alt_interface it continues to the
+top of the loop which is expecting a config descritor not an
+endpoint descriptor.  If the guest tries to talk to any
+descriptor that wasn't parsed (or tries to set alt_interface
+greater than 0), is_valid fails and it is denied.
+
+My question is, why does qemu need to validate the endpoint?  Why not
+just pass it to the host to validate?
+
+This is fixed upstream in qemu with the following commit, but that
+commit isn't yet in qemu-kvm, and enough of the usb system changed
+that it isn't trivial to backport.
+
+commit 96dd9aac37d30f3425088f81523942e67b2d03ac
+Author: Gerd Hoffmann <kra...@redhat.com>
+Date:   Thu Mar 29 16:06:28 2012 +0200
+usb-host: rewrite usb_linux_update_endp_table
+
+--
+David Fries <da...@fries.net>
+
+--- qemu-kvm.orig/usb-linux.c
++++ qemu-kvm/usb-linux.c
+@@ -1153,48 +1153,29 @@
+     i = 0;
+ 
+     while (i < length) {
+-        if (descriptors[i + 1] != USB_DT_CONFIG) {
+-            fprintf(stderr, "invalid descriptor data\n");
+-            return 1;
+-        } else if (descriptors[i + 5] != s->configuration) {
+-            DPRINTF("not requested configuration %d\n", s->configuration);
+-            i += (descriptors[i + 3] << 8) + descriptors[i + 2];
+-            continue;
+-        }
+-
+-        i += descriptors[i];
+-
+-        if (descriptors[i + 1] != USB_DT_INTERFACE ||
+-            (descriptors[i + 1] == USB_DT_INTERFACE &&
+-             descriptors[i + 4] == 0)) {
+-            i += descriptors[i];
+-            continue;
+-        }
+-
+-        interface = descriptors[i + 2];
+-        alt_interface = usb_linux_get_alt_setting(s, s->configuration,
+-                                                  interface);
+-
+-        /* the current interface descriptor is the active interface
+-         * and has endpoints */
+-        if (descriptors[i + 3] != alt_interface) {
+-            i += descriptors[i];
+-            continue;
+-        }
+-
+-        /* advance to the endpoints */
+-        while (i < length && descriptors[i +1] != USB_DT_ENDPOINT) {
+-            i += descriptors[i];
+-        }
+-
+-        if (i >= length)
+-            break;
+-
+-        while (i < length) {
+-            if (descriptors[i + 1] != USB_DT_ENDPOINT) {
+-                break;
++        if (descriptors[i + 1] == USB_DT_CONFIG) {
++            if (descriptors[i + 5] != s->configuration) {
++                DPRINTF("not requested configuration %d\n", s->configuration);
++                /* advance to the next configuration */
++                i += (descriptors[i + 3] << 8) + descriptors[i + 2];
++            } else {
++                i += descriptors[i];
+             }
+-
++        } else if (descriptors[i + 1] == USB_DT_INTERFACE) {
++            interface = descriptors[i + 2];
++            alt_interface = usb_linux_get_alt_setting(s, s->configuration,
++                                                      interface);
++            if (descriptors[i + 3] != alt_interface) {
++                /* it isn't the current alt setting, skip it */
++                do {
++                    i += descriptors[i];
++                } while (i < length &&
++                    descriptors[i +1] != USB_DT_CONFIG &&
++                    descriptors[i +1] != USB_DT_INTERFACE);
++                continue;
++            }
++            i += descriptors[i];
++        } else if (descriptors[i + 1] == USB_DT_ENDPOINT) {
+             devep = descriptors[i + 2];
+             pid = (devep & USB_DIR_IN) ? USB_TOKEN_IN : USB_TOKEN_OUT;
+             ep = devep & 0xf;
+@@ -1227,6 +1208,9 @@
+             epd->halted = 0;
+ 
+             i += descriptors[i];
++        } else {
++            /* ignoring string, speed, etc descriptors */
++            i += descriptors[i];
+         }
+     }
+     return 0;
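Review bot: Every branch of the rewritten loop advances with `i += descriptors[i]` without checking the length byte, so a descriptor whose bLength is 0 leaves `i` unchanged and `while (i < length)` never exits; the old "invalid descriptor data" bail-out is removed and nothing replaces it. The reads at `descriptors[i + 1]` through `descriptors[i + 5]` are likewise covered only by `i < length`, and the skip loop for a non-current alt setting tests `descriptors[i +1]` when `i` may already be the last index. These bytes presumably come from the attached host device, so they should be treated as untrusted: validate bLength at the top of the loop and in the skip loop as below, apply the same non-zero and in-bounds check to the wTotalLength skip, and require a minimum bLength in the CONFIG and INTERFACE branches before their fixed-offset reads. The enclosing function starts and ends outside the hunk, so `i` and `length` are assumed to be plain integer offsets into `descriptors`.

```c
    while (i < length) {
        /* bLength and bDescriptorType must both be inside the buffer, and
         * bLength must move i forward without running past the end */
        if (length - i < 2 || descriptors[i] < 2 ||
            descriptors[i] > length - i) {
            fprintf(stderr, "invalid descriptor data\n");
            return 1;
        }
        /* … unchanged: USB_DT_CONFIG branch, alt_interface lookup … */
                do {
                    i += descriptors[i];
                } while (i + 1 < length && descriptors[i] >= 2 &&
                    descriptors[i +1] != USB_DT_CONFIG &&
                    descriptors[i +1] != USB_DT_INTERFACE);
        /* … unchanged: continue, USB_DT_ENDPOINT branch, catch-all branch … */
```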
-- 
1.7.9.1


-- Package-specific info:


/proc/cpuinfo:

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 72
model name      : AMD Turion(tm) 64 X2 Mobile Technology TL-50
stepping        : 2
cpu MHz         : 800.000
cache size      : 256 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 2
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm 
3dnowext 3dnow rep_good nopl extd_apicid pni cx16 lahf_lm cmp_legacy svm 
extapic cr8_legacy
bogomips        : 1596.00
TLB size        : 1024 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc

processor       : 1
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 72
model name      : AMD Turion(tm) 64 X2 Mobile Technology TL-50
stepping        : 2
cpu MHz         : 800.000
cache size      : 256 KB
physical id     : 0
siblings        : 2
core id         : 1
cpu cores       : 2
apicid          : 1
initial apicid  : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm 
3dnowext 3dnow rep_good nopl extd_apicid pni cx16 lahf_lm cmp_legacy svm 
extapic cr8_legacy
bogomips        : 1596.00
TLB size        : 1024 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc




-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.3.0+ (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash

Versions of packages qemu-kvm depends on:
ii  adduser           3.113+nmu1
ii  ipxe              1.0.0+git-20120202.f6840ba-3
ii  ipxe-qemu         1.0.0+git-20120202.f6840ba-3
ii  libaio1           0.3.109-2
ii  libasound2        1.0.25-2
ii  libbluetooth3     4.98-3
ii  libbrlapi0.5      4.3-2
ii  libc6             2.13-27
ii  libcurl3-gnutls   7.25.0-1
ii  libglib2.0-0      2.30.2-6
ii  libgnutls26       2.12.18-1
ii  libiscsi1         1.0.1-1
ii  libjpeg8          8d-1
ii  libncurses5       5.9-4
ii  libpng12-0        1.2.47-1
ii  libpulse0         1.1-3
ii  librados2         0.43-1
ii  librbd1           0.43-1
ii  libsasl2-2        2.1.25.dfsg1-4
ii  libsdl1.2debian   1.2.15-2
ii  libspice-server1  0.10.1-2
ii  libtinfo5         5.9-4
ii  libuuid1          2.20.1-1.2
ii  libvdeplug2       2.3.2-4
ii  libx11-6          2:1.4.4-4
ii  python            2.7.2-10
ii  qemu-keymaps      1.0+dfsg-3
ii  qemu-utils        1.0+dfsg-3
ii  seabios           1.6.3-2
ii  vgabios           0.7a-2
ii  zlib1g            1:1.2.6.dfsg-2

Versions of packages qemu-kvm recommends:
ii  bridge-utils  1.5-2
ii  iproute       20120105-1

Versions of packages qemu-kvm suggests:
pn  debootstrap  1.0.38
pn  samba        <none>
pn  vde2         <none>

-- no debconf information


