Not only QHs can form rings, but TDs too. With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles. An assert() prevents us from
entering an endless loop then.
Fix is easy: Just stop queuing when we figure the TD we are
about to queue up is in flight already.
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
hw/usb/hcd-uhci.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index e55dad9..2be564b 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -965,6 +965,9 @@ static void uhci_fill_queue(UHCIState *s, UHCI_TD *td)
}
trace_usb_uhci_td_queue(plink & ~0xf, ptd.ctrl, ptd.token);
ret = uhci_handle_td(s, plink, &ptd, &int_mask);
+ if (ret == TD_RESULT_ASYNC_CONT) {
+ break;
+ }
assert(ret == TD_RESULT_ASYNC_START);
assert(int_mask == 0);
plink = ptd.link;
--
1.7.1
