#1429 Sending standard device requests to non assigned address on EHCI controller causes Seg. Fault

Group: can't_reproduce
Status: open
Owner: nobody
Labels: None
Priority: 1
Updated: 2023-12-27
Created: 2021-03-12
Creator: Yll Buzoku
Private: No

This error was encountered on Bochs 2.6.11, compiled from ports collection (SVN snapshot from Jan 5th 2020) on FreeBSD 12.2-Release-p1 amd64 system using gcc 9.3.0 (from ports collection).

When a USB standard device request such as GET_DESCRIPTOR (06) is directed to a USB address that hasn't been assigned to a device, and is processed by the EHCI hub, then I get a Seg. Fault. I haven't tested to see if this can be replicated on any other version of Bochs or on any other operating systems.

Note:
I believe this issue can be fixed with the following change to the following file: /iodev/usb/usb_ehci.cc

Line 1951: - if (q!=NULL) {
Line 1951: + if (q! =NULL || q ->dev = NULL) {
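
Review bot: on the + line, `q ->dev = NULL` is an assignment rather than a comparison, and joining the two tests with `||` means `q->dev` is evaluated exactly when `q` is NULL, so the guard itself can fault. Both checks need to be joined with `&&` and use `!=`, i.e. `q != NULL && q->dev != NULL`; `q! =NULL` also has a stray space inside the operator.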

though I don't have time to test this right now.
I believe this may work because from my brief look at the source code, q->dev is not checked to be a valid usb_device_c pointer after get_address() is called, though I may be mistaken.


Discussion

  • Volker Ruppert

    Volker Ruppert - 2021-03-12

    I have ported the Qemu EHCI emulation to Bochs, but I'm not really familiar with its internals. I can only tell you that the related source code lines in Qemu have not been modified yet. So this bug might exist in Qemu, too. Your suggested bugfix could end up in a segfault if q is NULL (standard C++ checks whole expression). You didn't tell us about the guest OS you are trying to run. I need a test case to check what's going on.

     
    • Yll Buzoku

      Yll Buzoku - 2021-03-12

      Hey, sorry, I should've caught that, twas early in the morning. The suggested bugfix would be:

      Line 1951: - if (q!=NULL) {
      Line 1951: + if (q! =NULL && q ->dev != NULL) {
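
      Review bot: the + line has a space inside `! =` and will not compile as written; it should read `if (q != NULL && q->dev != NULL) {`. With this guard a request to an unassigned address silently skips the block, so it is worth deciding whether that path should return an error status or emit a debug message instead of doing nothing.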

      I'm running some custom OS code, which erroneously was trying to access a device on address 1 without first setting a device to respond to address 1 (which has since been corrected and has been observed to work in Bochs and on real hardware).

      When I have time, I'll check this in QEMU to see if it's present there too, and once I have a bit more time I can try my own solution if it hasn't been tried yet.
      It's no biggie and tbh any half decent USB driver wouldn't do this.
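
The guard discussed in the two comments above, as an added C++ example that is not Bochs or QEMU code. `Device`, `Queue`, `find_device` and `submit` are hypothetical stand-ins, and it assumes the queue's device pointer comes from an address lookup that returns null for an unassigned address.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for illustration; these are not the Bochs types.
struct Device { uint8_t addr; int requests; };
struct Queue  { Device *dev; };

enum Status { ST_OK = 0, ST_NO_QUEUE = -1, ST_NO_DEVICE = -2 };

// Assumed lookup: nullptr when no attached device answers to addr.
Device *find_device(Device *devs, size_t n, uint8_t addr) {
  for (size_t i = 0; i < n; i++)
    if (devs[i].addr == addr) return &devs[i];
  return nullptr;
}

// Original guard: admits a queue whose dev is null, so the body would fault.
bool guard_q_only(const Queue *q) { return q != nullptr; }

// Corrected guard: && short-circuits, so q->dev is only read when q is valid.
bool guard_q_and_dev(const Queue *q) {
  return q != nullptr && q->dev != nullptr;
}

// Route a request to addr; fail with a status instead of dereferencing null.
Status submit(Queue *q, Device *devs, size_t n, uint8_t addr) {
  if (q != nullptr) q->dev = find_device(devs, n, addr);
  if (!guard_q_and_dev(q))
    return q == nullptr ? ST_NO_QUEUE : ST_NO_DEVICE;
  q->dev->requests++;  // safe: both pointers were checked
  return ST_OK;
}

int main() {
  Device devs[] = {{0, 0}, {2, 0}};  // constructed: nothing at address 1
  Queue q = {nullptr};
  std::printf("addr 1 -> %d\n", submit(&q, devs, 2, 1));
  std::printf("q-only guard admits it: %d\n", guard_q_only(&q));
  std::printf("addr 2 -> %d\n", submit(&q, devs, 2, 2));
  return 0;
}
```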

       
  • Volker Ruppert

    Volker Ruppert - 2023-12-27

    The Bochs development has been moved to GitHub and the EHCI code has been modified in the meantime. The line you mentioned has been moved or modified. Please verify whether or not the bug still exists.

     
    • Yll Buzoku

      Yll Buzoku - 2023-12-29

      Volker,

      Checking the file /iodev/usb/usb_ehci.cc on the master branch of the GitHub repo, I can confirm the line is still there, now at line 2143.

      I'll need some more time to build a minimal example to test if the bug is still present, but seeing as the line of code is still there, I suspect so. I'm currently running Bochs 2.7 (built from SVN August 1, 2021) on (I think) all my machines. I'll test first against that, and if the bug is still there, I'll build a current version and test against it. If the bug is still present, I'm happy to try to write a fix and submit a PR.

      Best,
      Yll

