e0a4eb7219
CVE-2016-3712: out of bounds read in vga (bz #1334342) Fix USB redirection (bz #1330221) CVE-2016-4037: infinite loop in usb ehci (bz #1328080) CVE-2016-4001: buffer overflow in stellaris net (bz #1325885) CVE-2016-2858: rng stack corruption (bz #1314677) CVE-2016-2391: ohci: crash via multiple timers (bz #1308881) CVE-2016-2198: ehci: null pointer dereference (bz #1303134) Fix tpm passthrough (bz #1281413) Fix ./configure with ccache Ship sysctl file to fix s390x kvm (bz #1290589)
38 lines
1.4 KiB
Diff
38 lines
1.4 KiB
Diff
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
Date: Wed, 21 Oct 2015 09:44:22 +0200
|
|
Subject: [PATCH] ehci: clear suspend bit on detach
|
|
|
|
When a device is detached, clear the suspend bit (PORTSC_SUSPEND)
|
|
in the port status register.
|
|
|
|
The specs are not *that* clear what is supposed to happen in case
|
|
a suspended device is unplugged. But the enable bit (PORTSC_PED)
|
|
is cleared, and the specs mention setting suspend with enable being
|
|
unset is undefined behavior. So clearing them both looks reasonable,
|
|
and it actually fixes the reported bug.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1268879
|
|
|
|
Cc: Hans de Goede <hdegoede@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
|
|
Message-id: 1445413462-18004-1-git-send-email-kraxel@redhat.com
|
|
(cherry picked from commit cbf82fa01e6fd4ecb234b235b10ffce548154a95)
|
|
---
|
|
hw/usb/hcd-ehci.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
|
|
index d829901..c40013e 100644
|
|
--- a/hw/usb/hcd-ehci.c
|
|
+++ b/hw/usb/hcd-ehci.c
|
|
@@ -726,7 +726,7 @@ static void ehci_detach(USBPort *port)
|
|
ehci_queues_rip_device(s, port->dev, 0);
|
|
ehci_queues_rip_device(s, port->dev, 1);
|
|
|
|
- *portsc &= ~(PORTSC_CONNECT|PORTSC_PED);
|
|
+ *portsc &= ~(PORTSC_CONNECT|PORTSC_PED|PORTSC_SUSPEND);
|
|
*portsc |= PORTSC_CSC;
|
|
|
|
ehci_raise_irq(s, USBSTS_PCD);
|