xref: /openbmc/qemu/hw/usb/redirect.c (revision ff156290) 
1 /*
2  * USB redirector usb-guest
3  *
4  * Copyright (c) 2011-2012 Red Hat, Inc.
5  *
6  * Red Hat Authors:
7  * Hans de Goede <hdegoede@redhat.com>
8  *
9  * Permission is hereby granted, free of charge, to any person obtaining a copy
10  * of this software and associated documentation files (the "Software"), to deal
11  * in the Software without restriction, including without limitation the rights
12  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13  * copies of the Software, and to permit persons to whom the Software is
14  * furnished to do so, subject to the following conditions:
15  *
16  * The above copyright notice and this permission notice shall be included in
17  * all copies or substantial portions of the Software.
18  *
19  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25  * THE SOFTWARE.
26  */
27 
28 #include "qemu-common.h"
29 #include "qemu-timer.h"
30 #include "monitor.h"
31 #include "sysemu.h"
32 #include "iov.h"
33 
34 #include <dirent.h>
35 #include <sys/ioctl.h>
36 #include <signal.h>
37 #include <usbredirparser.h>
38 #include <usbredirfilter.h>
39 
40 #include "hw/usb.h"
41 
42 #define MAX_ENDPOINTS 32
43 #define NO_INTERFACE_INFO 255 /* Valid interface_count always <= 32 */
44 #define EP2I(ep_address) (((ep_address & 0x80) >> 3) | (ep_address & 0x0f))
45 #define I2EP(i) (((i & 0x10) << 3) | (i & 0x0f))
46 
47 typedef struct USBRedirDevice USBRedirDevice;
48 
49 /* Struct to hold buffered packets (iso or int input packets) */
50 struct buf_packet {
51     uint8_t *data;
52     int len;
53     int status;
54     QTAILQ_ENTRY(buf_packet)next;
55 };
56 
57 struct endp_data {
58     uint8_t type;
59     uint8_t interval;
60     uint8_t interface; /* bInterfaceNumber this ep belongs to */
61     uint16_t max_packet_size; /* In bytes, not wMaxPacketSize format !! */
62     uint8_t iso_started;
63     uint8_t iso_error; /* For reporting iso errors to the HC */
64     uint8_t interrupt_started;
65     uint8_t interrupt_error;
66     uint8_t bufpq_prefilled;
67     uint8_t bufpq_dropping_packets;
68     QTAILQ_HEAD(, buf_packet) bufpq;
69     int32_t bufpq_size;
70     int32_t bufpq_target_size;
71 };
72 
73 struct PacketIdQueueEntry {
74     uint64_t id;
75     QTAILQ_ENTRY(PacketIdQueueEntry)next;
76 };
77 
78 struct PacketIdQueue {
79     USBRedirDevice *dev;
80     const char *name;
81     QTAILQ_HEAD(, PacketIdQueueEntry) head;
82     int size;
83 };
84 
85 struct USBRedirDevice {
86     USBDevice dev;
87     /* Properties */
88     CharDriverState *cs;
89     uint8_t debug;
90     char *filter_str;
91     int32_t bootindex;
92     /* Data passed from chardev the fd_read cb to the usbredirparser read cb */
93     const uint8_t *read_buf;
94     int read_buf_size;
95     /* For async handling of close */
96     QEMUBH *chardev_close_bh;
97     /* To delay the usb attach in case of quick chardev close + open */
98     QEMUTimer *attach_timer;
99     int64_t next_attach_time;
100     struct usbredirparser *parser;
101     struct endp_data endpoint[MAX_ENDPOINTS];
102     struct PacketIdQueue cancelled;
103     struct PacketIdQueue already_in_flight;
104     /* Data for device filtering */
105     struct usb_redir_device_connect_header device_info;
106     struct usb_redir_interface_info_header interface_info;
107     struct usbredirfilter_rule *filter_rules;
108     int filter_rules_count;
109     int compatible_speedmask;
110 };
111 
112 static void usbredir_hello(void *priv, struct usb_redir_hello_header *h);
113 static void usbredir_device_connect(void *priv,
114     struct usb_redir_device_connect_header *device_connect);
115 static void usbredir_device_disconnect(void *priv);
116 static void usbredir_interface_info(void *priv,
117     struct usb_redir_interface_info_header *interface_info);
118 static void usbredir_ep_info(void *priv,
119     struct usb_redir_ep_info_header *ep_info);
120 static void usbredir_configuration_status(void *priv, uint64_t id,
121     struct usb_redir_configuration_status_header *configuration_status);
122 static void usbredir_alt_setting_status(void *priv, uint64_t id,
123     struct usb_redir_alt_setting_status_header *alt_setting_status);
124 static void usbredir_iso_stream_status(void *priv, uint64_t id,
125     struct usb_redir_iso_stream_status_header *iso_stream_status);
126 static void usbredir_interrupt_receiving_status(void *priv, uint64_t id,
127     struct usb_redir_interrupt_receiving_status_header
128     *interrupt_receiving_status);
129 static void usbredir_bulk_streams_status(void *priv, uint64_t id,
130     struct usb_redir_bulk_streams_status_header *bulk_streams_status);
131 static void usbredir_control_packet(void *priv, uint64_t id,
132     struct usb_redir_control_packet_header *control_packet,
133     uint8_t *data, int data_len);
134 static void usbredir_bulk_packet(void *priv, uint64_t id,
135     struct usb_redir_bulk_packet_header *bulk_packet,
136     uint8_t *data, int data_len);
137 static void usbredir_iso_packet(void *priv, uint64_t id,
138     struct usb_redir_iso_packet_header *iso_packet,
139     uint8_t *data, int data_len);
140 static void usbredir_interrupt_packet(void *priv, uint64_t id,
141     struct usb_redir_interrupt_packet_header *interrupt_header,
142     uint8_t *data, int data_len);
143 
144 static void usbredir_handle_status(USBRedirDevice *dev, USBPacket *p,
145     int status);
146 
147 #define VERSION "qemu usb-redir guest " QEMU_VERSION
148 
149 /*
150  * Logging stuff
151  */
152 
153 #define ERROR(...) \
154     do { \
155         if (dev->debug >= usbredirparser_error) { \
156             error_report("usb-redir error: " __VA_ARGS__); \
157         } \
158     } while (0)
159 #define WARNING(...) \
160     do { \
161         if (dev->debug >= usbredirparser_warning) { \
162             error_report("usb-redir warning: " __VA_ARGS__); \
163         } \
164     } while (0)
165 #define INFO(...) \
166     do { \
167         if (dev->debug >= usbredirparser_info) { \
168             error_report("usb-redir: " __VA_ARGS__); \
169         } \
170     } while (0)
171 #define DPRINTF(...) \
172     do { \
173         if (dev->debug >= usbredirparser_debug) { \
174             error_report("usb-redir: " __VA_ARGS__); \
175         } \
176     } while (0)
177 #define DPRINTF2(...) \
178     do { \
179         if (dev->debug >= usbredirparser_debug_data) { \
180             error_report("usb-redir: " __VA_ARGS__); \
181         } \
182     } while (0)
183 
184 static void usbredir_log(void *priv, int level, const char *msg)
185 {
186     USBRedirDevice *dev = priv;
187 
188     if (dev->debug < level) {
189         return;
190     }
191 
192     error_report("%s", msg);
193 }
194 
195 static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
196     const uint8_t *data, int len)
197 {
198     int i, j, n;
199 
200     if (dev->debug < usbredirparser_debug_data) {
201         return;
202     }
203 
204     for (i = 0; i < len; i += j) {
205         char buf[128];
206 
207         n = sprintf(buf, "%s", desc);
208         for (j = 0; j < 8 && i + j < len; j++) {
209             n += sprintf(buf + n, " %02X", data[i + j]);
210         }
211         error_report("%s", buf);
212     }
213 }
214 
215 /*
216  * usbredirparser io functions
217  */
218 
219 static int usbredir_read(void *priv, uint8_t *data, int count)
220 {
221     USBRedirDevice *dev = priv;
222 
223     if (dev->read_buf_size < count) {
224         count = dev->read_buf_size;
225     }
226 
227     memcpy(data, dev->read_buf, count);
228 
229     dev->read_buf_size -= count;
230     if (dev->read_buf_size) {
231         dev->read_buf += count;
232     } else {
233         dev->read_buf = NULL;
234     }
235 
236     return count;
237 }
238 
239 static int usbredir_write(void *priv, uint8_t *data, int count)
240 {
241     USBRedirDevice *dev = priv;
242 
243     if (!dev->cs->opened) {
244         return 0;
245     }
246 
247     /* Don't send new data to the chardev until our state is fully synced */
248     if (!runstate_check(RUN_STATE_RUNNING)) {
249         return 0;
250     }
251 
252     return qemu_chr_fe_write(dev->cs, data, count);
253 }
254 
255 /*
256  * Cancelled and buffered packets helpers
257  */
258 
259 static void packet_id_queue_init(struct PacketIdQueue *q,
260     USBRedirDevice *dev, const char *name)
261 {
262     q->dev = dev;
263     q->name = name;
264     QTAILQ_INIT(&q->head);
265     q->size = 0;
266 }
267 
268 static void packet_id_queue_add(struct PacketIdQueue *q, uint64_t id)
269 {
270     USBRedirDevice *dev = q->dev;
271     struct PacketIdQueueEntry *e;
272 
273     DPRINTF("adding packet id %"PRIu64" to %s queue\n", id, q->name);
274 
275     e = g_malloc0(sizeof(struct PacketIdQueueEntry));
276     e->id = id;
277     QTAILQ_INSERT_TAIL(&q->head, e, next);
278     q->size++;
279 }
280 
281 static int packet_id_queue_remove(struct PacketIdQueue *q, uint64_t id)
282 {
283     USBRedirDevice *dev = q->dev;
284     struct PacketIdQueueEntry *e;
285 
286     QTAILQ_FOREACH(e, &q->head, next) {
287         if (e->id == id) {
288             DPRINTF("removing packet id %"PRIu64" from %s queue\n",
289                     id, q->name);
290             QTAILQ_REMOVE(&q->head, e, next);
291             q->size--;
292             g_free(e);
293             return 1;
294         }
295     }
296     return 0;
297 }
298 
299 static void packet_id_queue_empty(struct PacketIdQueue *q)
300 {
301     USBRedirDevice *dev = q->dev;
302     struct PacketIdQueueEntry *e, *next_e;
303 
304     DPRINTF("removing %d packet-ids from %s queue\n", q->size, q->name);
305 
306     QTAILQ_FOREACH_SAFE(e, &q->head, next, next_e) {
307         QTAILQ_REMOVE(&q->head, e, next);
308         g_free(e);
309     }
310     q->size = 0;
311 }
312 
313 static void usbredir_cancel_packet(USBDevice *udev, USBPacket *p)
314 {
315     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
316 
317     if (p->combined) {
318         usb_combined_packet_cancel(udev, p);
319         return;
320     }
321 
322     packet_id_queue_add(&dev->cancelled, p->id);
323     usbredirparser_send_cancel_data_packet(dev->parser, p->id);
324     usbredirparser_do_write(dev->parser);
325 }
326 
327 static int usbredir_is_cancelled(USBRedirDevice *dev, uint64_t id)
328 {
329     if (!dev->dev.attached) {
330         return 1; /* Treat everything as cancelled after a disconnect */
331     }
332     return packet_id_queue_remove(&dev->cancelled, id);
333 }
334 
335 static void usbredir_fill_already_in_flight_from_ep(USBRedirDevice *dev,
336     struct USBEndpoint *ep)
337 {
338     static USBPacket *p;
339 
340     QTAILQ_FOREACH(p, &ep->queue, queue) {
341         /* Skip combined packets, except for the first */
342         if (p->combined && p != p->combined->first) {
343             continue;
344         }
345         if (p->state == USB_PACKET_ASYNC) {
346             packet_id_queue_add(&dev->already_in_flight, p->id);
347         }
348     }
349 }
350 
351 static void usbredir_fill_already_in_flight(USBRedirDevice *dev)
352 {
353     int ep;
354     struct USBDevice *udev = &dev->dev;
355 
356     usbredir_fill_already_in_flight_from_ep(dev, &udev->ep_ctl);
357 
358     for (ep = 0; ep < USB_MAX_ENDPOINTS; ep++) {
359         usbredir_fill_already_in_flight_from_ep(dev, &udev->ep_in[ep]);
360         usbredir_fill_already_in_flight_from_ep(dev, &udev->ep_out[ep]);
361     }
362 }
363 
364 static int usbredir_already_in_flight(USBRedirDevice *dev, uint64_t id)
365 {
366     return packet_id_queue_remove(&dev->already_in_flight, id);
367 }
368 
369 static USBPacket *usbredir_find_packet_by_id(USBRedirDevice *dev,
370     uint8_t ep, uint64_t id)
371 {
372     USBPacket *p;
373 
374     if (usbredir_is_cancelled(dev, id)) {
375         return NULL;
376     }
377 
378     p = usb_ep_find_packet_by_id(&dev->dev,
379                             (ep & USB_DIR_IN) ? USB_TOKEN_IN : USB_TOKEN_OUT,
380                             ep & 0x0f, id);
381     if (p == NULL) {
382         ERROR("could not find packet with id %"PRIu64"\n", id);
383     }
384     return p;
385 }
386 
387 static void bufp_alloc(USBRedirDevice *dev,
388     uint8_t *data, int len, int status, uint8_t ep)
389 {
390     struct buf_packet *bufp;
391 
392     if (!dev->endpoint[EP2I(ep)].bufpq_dropping_packets &&
393         dev->endpoint[EP2I(ep)].bufpq_size >
394             2 * dev->endpoint[EP2I(ep)].bufpq_target_size) {
395         DPRINTF("bufpq overflow, dropping packets ep %02X\n", ep);
396         dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 1;
397     }
398     /* Since we're interupting the stream anyways, drop enough packets to get
399        back to our target buffer size */
400     if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) {
401         if (dev->endpoint[EP2I(ep)].bufpq_size >
402                 dev->endpoint[EP2I(ep)].bufpq_target_size) {
403             free(data);
404             return;
405         }
406         dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
407     }
408 
409     bufp = g_malloc(sizeof(struct buf_packet));
410     bufp->data   = data;
411     bufp->len    = len;
412     bufp->status = status;
413     QTAILQ_INSERT_TAIL(&dev->endpoint[EP2I(ep)].bufpq, bufp, next);
414     dev->endpoint[EP2I(ep)].bufpq_size++;
415 }
416 
417 static void bufp_free(USBRedirDevice *dev, struct buf_packet *bufp,
418     uint8_t ep)
419 {
420     QTAILQ_REMOVE(&dev->endpoint[EP2I(ep)].bufpq, bufp, next);
421     dev->endpoint[EP2I(ep)].bufpq_size--;
422     free(bufp->data);
423     g_free(bufp);
424 }
425 
426 static void usbredir_free_bufpq(USBRedirDevice *dev, uint8_t ep)
427 {
428     struct buf_packet *buf, *buf_next;
429 
430     QTAILQ_FOREACH_SAFE(buf, &dev->endpoint[EP2I(ep)].bufpq, next, buf_next) {
431         bufp_free(dev, buf, ep);
432     }
433 }
434 
435 /*
436  * USBDevice callbacks
437  */
438 
439 static void usbredir_handle_reset(USBDevice *udev)
440 {
441     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
442 
443     DPRINTF("reset device\n");
444     usbredirparser_send_reset(dev->parser);
445     usbredirparser_do_write(dev->parser);
446 }
447 
448 static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p,
449                                      uint8_t ep)
450 {
451     int status, len;
452     if (!dev->endpoint[EP2I(ep)].iso_started &&
453             !dev->endpoint[EP2I(ep)].iso_error) {
454         struct usb_redir_start_iso_stream_header start_iso = {
455             .endpoint = ep,
456         };
457         int pkts_per_sec;
458 
459         if (dev->dev.speed == USB_SPEED_HIGH) {
460             pkts_per_sec = 8000 / dev->endpoint[EP2I(ep)].interval;
461         } else {
462             pkts_per_sec = 1000 / dev->endpoint[EP2I(ep)].interval;
463         }
464         /* Testing has shown that we need circa 60 ms buffer */
465         dev->endpoint[EP2I(ep)].bufpq_target_size = (pkts_per_sec * 60) / 1000;
466 
467         /* Aim for approx 100 interrupts / second on the client to
468            balance latency and interrupt load */
469         start_iso.pkts_per_urb = pkts_per_sec / 100;
470         if (start_iso.pkts_per_urb < 1) {
471             start_iso.pkts_per_urb = 1;
472         } else if (start_iso.pkts_per_urb > 32) {
473             start_iso.pkts_per_urb = 32;
474         }
475 
476         start_iso.no_urbs = (dev->endpoint[EP2I(ep)].bufpq_target_size +
477                              start_iso.pkts_per_urb - 1) /
478                             start_iso.pkts_per_urb;
479         /* Output endpoints pre-fill only 1/2 of the packets, keeping the rest
480            as overflow buffer. Also see the usbredir protocol documentation */
481         if (!(ep & USB_DIR_IN)) {
482             start_iso.no_urbs *= 2;
483         }
484         if (start_iso.no_urbs > 16) {
485             start_iso.no_urbs = 16;
486         }
487 
488         /* No id, we look at the ep when receiving a status back */
489         usbredirparser_send_start_iso_stream(dev->parser, 0, &start_iso);
490         usbredirparser_do_write(dev->parser);
491         DPRINTF("iso stream started pkts/sec %d pkts/urb %d urbs %d ep %02X\n",
492                 pkts_per_sec, start_iso.pkts_per_urb, start_iso.no_urbs, ep);
493         dev->endpoint[EP2I(ep)].iso_started = 1;
494         dev->endpoint[EP2I(ep)].bufpq_prefilled = 0;
495         dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
496     }
497 
498     if (ep & USB_DIR_IN) {
499         struct buf_packet *isop;
500 
501         if (dev->endpoint[EP2I(ep)].iso_started &&
502                 !dev->endpoint[EP2I(ep)].bufpq_prefilled) {
503             if (dev->endpoint[EP2I(ep)].bufpq_size <
504                     dev->endpoint[EP2I(ep)].bufpq_target_size) {
505                 return;
506             }
507             dev->endpoint[EP2I(ep)].bufpq_prefilled = 1;
508         }
509 
510         isop = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq);
511         if (isop == NULL) {
512             DPRINTF("iso-token-in ep %02X, no isop, iso_error: %d\n",
513                     ep, dev->endpoint[EP2I(ep)].iso_error);
514             /* Re-fill the buffer */
515             dev->endpoint[EP2I(ep)].bufpq_prefilled = 0;
516             /* Check iso_error for stream errors, otherwise its an underrun */
517             status = dev->endpoint[EP2I(ep)].iso_error;
518             dev->endpoint[EP2I(ep)].iso_error = 0;
519             p->status = status ? USB_RET_IOERROR : USB_RET_SUCCESS;
520             return;
521         }
522         DPRINTF2("iso-token-in ep %02X status %d len %d queue-size: %d\n", ep,
523                  isop->status, isop->len, dev->endpoint[EP2I(ep)].bufpq_size);
524 
525         status = isop->status;
526         len = isop->len;
527         if (len > p->iov.size) {
528             ERROR("received iso data is larger then packet ep %02X (%d > %d)\n",
529                   ep, len, (int)p->iov.size);
530             len = p->iov.size;
531             status = usb_redir_babble;
532         }
533         usb_packet_copy(p, isop->data, len);
534         bufp_free(dev, isop, ep);
535         usbredir_handle_status(dev, p, status);
536     } else {
537         /* If the stream was not started because of a pending error don't
538            send the packet to the usb-host */
539         if (dev->endpoint[EP2I(ep)].iso_started) {
540             struct usb_redir_iso_packet_header iso_packet = {
541                 .endpoint = ep,
542                 .length = p->iov.size
543             };
544             uint8_t buf[p->iov.size];
545             /* No id, we look at the ep when receiving a status back */
546             usb_packet_copy(p, buf, p->iov.size);
547             usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet,
548                                            buf, p->iov.size);
549             usbredirparser_do_write(dev->parser);
550         }
551         status = dev->endpoint[EP2I(ep)].iso_error;
552         dev->endpoint[EP2I(ep)].iso_error = 0;
553         DPRINTF2("iso-token-out ep %02X status %d len %zd\n", ep, status,
554                  p->iov.size);
555         usbredir_handle_status(dev, p, status);
556     }
557 }
558 
559 static void usbredir_stop_iso_stream(USBRedirDevice *dev, uint8_t ep)
560 {
561     struct usb_redir_stop_iso_stream_header stop_iso_stream = {
562         .endpoint = ep
563     };
564     if (dev->endpoint[EP2I(ep)].iso_started) {
565         usbredirparser_send_stop_iso_stream(dev->parser, 0, &stop_iso_stream);
566         DPRINTF("iso stream stopped ep %02X\n", ep);
567         dev->endpoint[EP2I(ep)].iso_started = 0;
568     }
569     dev->endpoint[EP2I(ep)].iso_error = 0;
570     usbredir_free_bufpq(dev, ep);
571 }
572 
573 static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
574                                       uint8_t ep)
575 {
576     struct usb_redir_bulk_packet_header bulk_packet;
577     size_t size = (p->combined) ? p->combined->iov.size : p->iov.size;
578 
579     DPRINTF("bulk-out ep %02X len %zd id %"PRIu64"\n", ep, size, p->id);
580 
581     if (usbredir_already_in_flight(dev, p->id)) {
582         p->status = USB_RET_ASYNC;
583         return;
584     }
585 
586     bulk_packet.endpoint  = ep;
587     bulk_packet.length    = size;
588     bulk_packet.stream_id = 0;
589     bulk_packet.length_high = size >> 16;
590     assert(bulk_packet.length_high == 0 ||
591            usbredirparser_peer_has_cap(dev->parser,
592                                        usb_redir_cap_32bits_bulk_length));
593 
594     if (ep & USB_DIR_IN) {
595         usbredirparser_send_bulk_packet(dev->parser, p->id,
596                                         &bulk_packet, NULL, 0);
597     } else {
598         uint8_t buf[size];
599         if (p->combined) {
600             iov_to_buf(p->combined->iov.iov, p->combined->iov.niov,
601                        0, buf, size);
602         } else {
603             usb_packet_copy(p, buf, size);
604         }
605         usbredir_log_data(dev, "bulk data out:", buf, size);
606         usbredirparser_send_bulk_packet(dev->parser, p->id,
607                                         &bulk_packet, buf, size);
608     }
609     usbredirparser_do_write(dev->parser);
610     p->status = USB_RET_ASYNC;
611 }
612 
613 static void usbredir_handle_interrupt_in_data(USBRedirDevice *dev,
614                                               USBPacket *p, uint8_t ep)
615 {
616     /* Input interrupt endpoint, buffered packet input */
617     struct buf_packet *intp;
618     int status, len;
619 
620     if (!dev->endpoint[EP2I(ep)].interrupt_started &&
621             !dev->endpoint[EP2I(ep)].interrupt_error) {
622         struct usb_redir_start_interrupt_receiving_header start_int = {
623             .endpoint = ep,
624         };
625         /* No id, we look at the ep when receiving a status back */
626         usbredirparser_send_start_interrupt_receiving(dev->parser, 0,
627                                                       &start_int);
628         usbredirparser_do_write(dev->parser);
629         DPRINTF("interrupt recv started ep %02X\n", ep);
630         dev->endpoint[EP2I(ep)].interrupt_started = 1;
631         /* We don't really want to drop interrupt packets ever, but
632            having some upper limit to how much we buffer is good. */
633         dev->endpoint[EP2I(ep)].bufpq_target_size = 1000;
634         dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
635     }
636 
637     intp = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq);
638     if (intp == NULL) {
639         DPRINTF2("interrupt-token-in ep %02X, no intp\n", ep);
640         /* Check interrupt_error for stream errors */
641         status = dev->endpoint[EP2I(ep)].interrupt_error;
642         dev->endpoint[EP2I(ep)].interrupt_error = 0;
643         if (status) {
644             usbredir_handle_status(dev, p, status);
645         } else {
646             p->status = USB_RET_NAK;
647         }
648         return;
649     }
650     DPRINTF("interrupt-token-in ep %02X status %d len %d\n", ep,
651             intp->status, intp->len);
652 
653     status = intp->status;
654     len = intp->len;
655     if (len > p->iov.size) {
656         ERROR("received int data is larger then packet ep %02X\n", ep);
657         len = p->iov.size;
658         status = usb_redir_babble;
659     }
660     usb_packet_copy(p, intp->data, len);
661     bufp_free(dev, intp, ep);
662     usbredir_handle_status(dev, p, status);
663 }
664 
665 /*
666  * Handle interrupt out data, the usbredir protocol expects us to do this
667  * async, so that it can report back a completion status. But guests will
668  * expect immediate completion for an interrupt endpoint, and handling this
669  * async causes migration issues. So we report success directly, counting
670  * on the fact that output interrupt packets normally always succeed.
671  */
672 static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev,
673                                                USBPacket *p, uint8_t ep)
674 {
675     struct usb_redir_interrupt_packet_header interrupt_packet;
676     uint8_t buf[p->iov.size];
677 
678     DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep,
679             p->iov.size, p->id);
680 
681     interrupt_packet.endpoint  = ep;
682     interrupt_packet.length    = p->iov.size;
683 
684     usb_packet_copy(p, buf, p->iov.size);
685     usbredir_log_data(dev, "interrupt data out:", buf, p->iov.size);
686     usbredirparser_send_interrupt_packet(dev->parser, p->id,
687                                     &interrupt_packet, buf, p->iov.size);
688     usbredirparser_do_write(dev->parser);
689 }
690 
691 static void usbredir_stop_interrupt_receiving(USBRedirDevice *dev,
692     uint8_t ep)
693 {
694     struct usb_redir_stop_interrupt_receiving_header stop_interrupt_recv = {
695         .endpoint = ep
696     };
697     if (dev->endpoint[EP2I(ep)].interrupt_started) {
698         usbredirparser_send_stop_interrupt_receiving(dev->parser, 0,
699                                                      &stop_interrupt_recv);
700         DPRINTF("interrupt recv stopped ep %02X\n", ep);
701         dev->endpoint[EP2I(ep)].interrupt_started = 0;
702     }
703     dev->endpoint[EP2I(ep)].interrupt_error = 0;
704     usbredir_free_bufpq(dev, ep);
705 }
706 
707 static void usbredir_handle_data(USBDevice *udev, USBPacket *p)
708 {
709     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
710     uint8_t ep;
711 
712     ep = p->ep->nr;
713     if (p->pid == USB_TOKEN_IN) {
714         ep |= USB_DIR_IN;
715     }
716 
717     switch (dev->endpoint[EP2I(ep)].type) {
718     case USB_ENDPOINT_XFER_CONTROL:
719         ERROR("handle_data called for control transfer on ep %02X\n", ep);
720         p->status = USB_RET_NAK;
721         break;
722     case USB_ENDPOINT_XFER_ISOC:
723         usbredir_handle_iso_data(dev, p, ep);
724         break;
725     case USB_ENDPOINT_XFER_BULK:
726         if (p->state == USB_PACKET_SETUP && p->pid == USB_TOKEN_IN &&
727                 p->ep->pipeline) {
728             p->status = USB_RET_ADD_TO_QUEUE;
729             break;
730         }
731         usbredir_handle_bulk_data(dev, p, ep);
732         break;
733     case USB_ENDPOINT_XFER_INT:
734         if (ep & USB_DIR_IN) {
735             usbredir_handle_interrupt_in_data(dev, p, ep);
736         } else {
737             usbredir_handle_interrupt_out_data(dev, p, ep);
738         }
739         break;
740     default:
741         ERROR("handle_data ep %02X has unknown type %d\n", ep,
742               dev->endpoint[EP2I(ep)].type);
743         p->status = USB_RET_NAK;
744     }
745 }
746 
747 static void usbredir_flush_ep_queue(USBDevice *dev, USBEndpoint *ep)
748 {
749     if (ep->pid == USB_TOKEN_IN && ep->pipeline) {
750         usb_ep_combine_input_packets(ep);
751     }
752 }
753 
754 static void usbredir_set_config(USBRedirDevice *dev, USBPacket *p,
755                                 int config)
756 {
757     struct usb_redir_set_configuration_header set_config;
758     int i;
759 
760     DPRINTF("set config %d id %"PRIu64"\n", config, p->id);
761 
762     for (i = 0; i < MAX_ENDPOINTS; i++) {
763         switch (dev->endpoint[i].type) {
764         case USB_ENDPOINT_XFER_ISOC:
765             usbredir_stop_iso_stream(dev, I2EP(i));
766             break;
767         case USB_ENDPOINT_XFER_INT:
768             if (i & 0x10) {
769                 usbredir_stop_interrupt_receiving(dev, I2EP(i));
770             }
771             break;
772         }
773         usbredir_free_bufpq(dev, I2EP(i));
774     }
775 
776     set_config.configuration = config;
777     usbredirparser_send_set_configuration(dev->parser, p->id, &set_config);
778     usbredirparser_do_write(dev->parser);
779     p->status = USB_RET_ASYNC;
780 }
781 
782 static void usbredir_get_config(USBRedirDevice *dev, USBPacket *p)
783 {
784     DPRINTF("get config id %"PRIu64"\n", p->id);
785 
786     usbredirparser_send_get_configuration(dev->parser, p->id);
787     usbredirparser_do_write(dev->parser);
788     p->status = USB_RET_ASYNC;
789 }
790 
791 static void usbredir_set_interface(USBRedirDevice *dev, USBPacket *p,
792                                    int interface, int alt)
793 {
794     struct usb_redir_set_alt_setting_header set_alt;
795     int i;
796 
797     DPRINTF("set interface %d alt %d id %"PRIu64"\n", interface, alt, p->id);
798 
799     for (i = 0; i < MAX_ENDPOINTS; i++) {
800         if (dev->endpoint[i].interface == interface) {
801             switch (dev->endpoint[i].type) {
802             case USB_ENDPOINT_XFER_ISOC:
803                 usbredir_stop_iso_stream(dev, I2EP(i));
804                 break;
805             case USB_ENDPOINT_XFER_INT:
806                 if (i & 0x10) {
807                     usbredir_stop_interrupt_receiving(dev, I2EP(i));
808                 }
809                 break;
810             }
811             usbredir_free_bufpq(dev, I2EP(i));
812         }
813     }
814 
815     set_alt.interface = interface;
816     set_alt.alt = alt;
817     usbredirparser_send_set_alt_setting(dev->parser, p->id, &set_alt);
818     usbredirparser_do_write(dev->parser);
819     p->status = USB_RET_ASYNC;
820 }
821 
822 static void usbredir_get_interface(USBRedirDevice *dev, USBPacket *p,
823                                    int interface)
824 {
825     struct usb_redir_get_alt_setting_header get_alt;
826 
827     DPRINTF("get interface %d id %"PRIu64"\n", interface, p->id);
828 
829     get_alt.interface = interface;
830     usbredirparser_send_get_alt_setting(dev->parser, p->id, &get_alt);
831     usbredirparser_do_write(dev->parser);
832     p->status = USB_RET_ASYNC;
833 }
834 
835 static void usbredir_handle_control(USBDevice *udev, USBPacket *p,
836         int request, int value, int index, int length, uint8_t *data)
837 {
838     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
839     struct usb_redir_control_packet_header control_packet;
840 
841     if (usbredir_already_in_flight(dev, p->id)) {
842         p->status = USB_RET_ASYNC;
843         return;
844     }
845 
846     /* Special cases for certain standard device requests */
847     switch (request) {
848     case DeviceOutRequest | USB_REQ_SET_ADDRESS:
849         DPRINTF("set address %d\n", value);
850         dev->dev.addr = value;
851         return;
852     case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
853         usbredir_set_config(dev, p, value & 0xff);
854         return;
855     case DeviceRequest | USB_REQ_GET_CONFIGURATION:
856         usbredir_get_config(dev, p);
857         return;
858     case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
859         usbredir_set_interface(dev, p, index, value);
860         return;
861     case InterfaceRequest | USB_REQ_GET_INTERFACE:
862         usbredir_get_interface(dev, p, index);
863         return;
864     }
865 
866     /* Normal ctrl requests, note request is (bRequestType << 8) | bRequest */
867     DPRINTF(
868         "ctrl-out type 0x%x req 0x%x val 0x%x index %d len %d id %"PRIu64"\n",
869         request >> 8, request & 0xff, value, index, length, p->id);
870 
871     control_packet.request     = request & 0xFF;
872     control_packet.requesttype = request >> 8;
873     control_packet.endpoint    = control_packet.requesttype & USB_DIR_IN;
874     control_packet.value       = value;
875     control_packet.index       = index;
876     control_packet.length      = length;
877 
878     if (control_packet.requesttype & USB_DIR_IN) {
879         usbredirparser_send_control_packet(dev->parser, p->id,
880                                            &control_packet, NULL, 0);
881     } else {
882         usbredir_log_data(dev, "ctrl data out:", data, length);
883         usbredirparser_send_control_packet(dev->parser, p->id,
884                                            &control_packet, data, length);
885     }
886     usbredirparser_do_write(dev->parser);
887     p->status = USB_RET_ASYNC;
888 }
889 
890 /*
891  * Close events can be triggered by usbredirparser_do_write which gets called
892  * from within the USBDevice data / control packet callbacks and doing a
893  * usb_detach from within these callbacks is not a good idea.
894  *
895  * So we use a bh handler to take care of close events.
896  */
897 static void usbredir_chardev_close_bh(void *opaque)
898 {
899     USBRedirDevice *dev = opaque;
900 
901     usbredir_device_disconnect(dev);
902 
903     if (dev->parser) {
904         DPRINTF("destroying usbredirparser\n");
905         usbredirparser_destroy(dev->parser);
906         dev->parser = NULL;
907     }
908 }
909 
910 static void usbredir_create_parser(USBRedirDevice *dev)
911 {
912     uint32_t caps[USB_REDIR_CAPS_SIZE] = { 0, };
913     int flags = 0;
914 
915     DPRINTF("creating usbredirparser\n");
916 
917     dev->parser = qemu_oom_check(usbredirparser_create());
918     dev->parser->priv = dev;
919     dev->parser->log_func = usbredir_log;
920     dev->parser->read_func = usbredir_read;
921     dev->parser->write_func = usbredir_write;
922     dev->parser->hello_func = usbredir_hello;
923     dev->parser->device_connect_func = usbredir_device_connect;
924     dev->parser->device_disconnect_func = usbredir_device_disconnect;
925     dev->parser->interface_info_func = usbredir_interface_info;
926     dev->parser->ep_info_func = usbredir_ep_info;
927     dev->parser->configuration_status_func = usbredir_configuration_status;
928     dev->parser->alt_setting_status_func = usbredir_alt_setting_status;
929     dev->parser->iso_stream_status_func = usbredir_iso_stream_status;
930     dev->parser->interrupt_receiving_status_func =
931         usbredir_interrupt_receiving_status;
932     dev->parser->bulk_streams_status_func = usbredir_bulk_streams_status;
933     dev->parser->control_packet_func = usbredir_control_packet;
934     dev->parser->bulk_packet_func = usbredir_bulk_packet;
935     dev->parser->iso_packet_func = usbredir_iso_packet;
936     dev->parser->interrupt_packet_func = usbredir_interrupt_packet;
937     dev->read_buf = NULL;
938     dev->read_buf_size = 0;
939 
940     usbredirparser_caps_set_cap(caps, usb_redir_cap_connect_device_version);
941     usbredirparser_caps_set_cap(caps, usb_redir_cap_filter);
942     usbredirparser_caps_set_cap(caps, usb_redir_cap_ep_info_max_packet_size);
943     usbredirparser_caps_set_cap(caps, usb_redir_cap_64bits_ids);
944     usbredirparser_caps_set_cap(caps, usb_redir_cap_32bits_bulk_length);
945 
946     if (runstate_check(RUN_STATE_INMIGRATE)) {
947         flags |= usbredirparser_fl_no_hello;
948     }
949     usbredirparser_init(dev->parser, VERSION, caps, USB_REDIR_CAPS_SIZE,
950                         flags);
951     usbredirparser_do_write(dev->parser);
952 }
953 
954 static void usbredir_reject_device(USBRedirDevice *dev)
955 {
956     usbredir_device_disconnect(dev);
957     if (usbredirparser_peer_has_cap(dev->parser, usb_redir_cap_filter)) {
958         usbredirparser_send_filter_reject(dev->parser);
959         usbredirparser_do_write(dev->parser);
960     }
961 }
962 
963 static void usbredir_do_attach(void *opaque)
964 {
965     USBRedirDevice *dev = opaque;
966 
967     /* In order to work properly with XHCI controllers we need these caps */
968     if ((dev->dev.port->speedmask & USB_SPEED_MASK_SUPER) && !(
969         usbredirparser_peer_has_cap(dev->parser,
970                                     usb_redir_cap_ep_info_max_packet_size) &&
971         usbredirparser_peer_has_cap(dev->parser,
972                                     usb_redir_cap_64bits_ids))) {
973         ERROR("usb-redir-host lacks capabilities needed for use with XHCI\n");
974         usbredir_reject_device(dev);
975         return;
976     }
977 
978     if (usb_device_attach(&dev->dev) != 0) {
979         WARNING("rejecting device due to speed mismatch\n");
980         usbredir_reject_device(dev);
981     }
982 }
983 
984 /*
985  * chardev callbacks
986  */
987 
988 static int usbredir_chardev_can_read(void *opaque)
989 {
990     USBRedirDevice *dev = opaque;
991 
992     if (!dev->parser) {
993         WARNING("chardev_can_read called on non open chardev!\n");
994         return 0;
995     }
996 
997     /* Don't read new data from the chardev until our state is fully synced */
998     if (!runstate_check(RUN_STATE_RUNNING)) {
999         return 0;
1000     }
1001 
1002     /* usbredir_parser_do_read will consume *all* data we give it */
1003     return 1024 * 1024;
1004 }
1005 
1006 static void usbredir_chardev_read(void *opaque, const uint8_t *buf, int size)
1007 {
1008     USBRedirDevice *dev = opaque;
1009 
1010     /* No recursion allowed! */
1011     assert(dev->read_buf == NULL);
1012 
1013     dev->read_buf = buf;
1014     dev->read_buf_size = size;
1015 
1016     usbredirparser_do_read(dev->parser);
1017     /* Send any acks, etc. which may be queued now */
1018     usbredirparser_do_write(dev->parser);
1019 }
1020 
1021 static void usbredir_chardev_event(void *opaque, int event)
1022 {
1023     USBRedirDevice *dev = opaque;
1024 
1025     switch (event) {
1026     case CHR_EVENT_OPENED:
1027         DPRINTF("chardev open\n");
1028         /* Make sure any pending closes are handled (no-op if none pending) */
1029         usbredir_chardev_close_bh(dev);
1030         qemu_bh_cancel(dev->chardev_close_bh);
1031         usbredir_create_parser(dev);
1032         break;
1033     case CHR_EVENT_CLOSED:
1034         DPRINTF("chardev close\n");
1035         qemu_bh_schedule(dev->chardev_close_bh);
1036         break;
1037     }
1038 }
1039 
1040 /*
1041  * init + destroy
1042  */
1043 
1044 static void usbredir_vm_state_change(void *priv, int running, RunState state)
1045 {
1046     USBRedirDevice *dev = priv;
1047 
1048     if (state == RUN_STATE_RUNNING && dev->parser != NULL) {
1049         usbredirparser_do_write(dev->parser); /* Flush any pending writes */
1050     }
1051 }
1052 
1053 static int usbredir_initfn(USBDevice *udev)
1054 {
1055     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
1056     int i;
1057 
1058     if (dev->cs == NULL) {
1059         qerror_report(QERR_MISSING_PARAMETER, "chardev");
1060         return -1;
1061     }
1062 
1063     if (dev->filter_str) {
1064         i = usbredirfilter_string_to_rules(dev->filter_str, ":", "|",
1065                                            &dev->filter_rules,
1066                                            &dev->filter_rules_count);
1067         if (i) {
1068             qerror_report(QERR_INVALID_PARAMETER_VALUE, "filter",
1069                           "a usb device filter string");
1070             return -1;
1071         }
1072     }
1073 
1074     dev->chardev_close_bh = qemu_bh_new(usbredir_chardev_close_bh, dev);
1075     dev->attach_timer = qemu_new_timer_ms(vm_clock, usbredir_do_attach, dev);
1076 
1077     packet_id_queue_init(&dev->cancelled, dev, "cancelled");
1078     packet_id_queue_init(&dev->already_in_flight, dev, "already-in-flight");
1079     for (i = 0; i < MAX_ENDPOINTS; i++) {
1080         QTAILQ_INIT(&dev->endpoint[i].bufpq);
1081     }
1082 
1083     /* We'll do the attach once we receive the speed from the usb-host */
1084     udev->auto_attach = 0;
1085 
1086     /* Will be cleared during setup when we find conflicts */
1087     dev->compatible_speedmask = USB_SPEED_MASK_FULL | USB_SPEED_MASK_HIGH;
1088 
1089     /* Let the backend know we are ready */
1090     qemu_chr_fe_open(dev->cs);
1091     qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
1092                           usbredir_chardev_read, usbredir_chardev_event, dev);
1093 
1094     qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
1095     add_boot_device_path(dev->bootindex, &udev->qdev, NULL);
1096     return 0;
1097 }
1098 
1099 static void usbredir_cleanup_device_queues(USBRedirDevice *dev)
1100 {
1101     int i;
1102 
1103     packet_id_queue_empty(&dev->cancelled);
1104     packet_id_queue_empty(&dev->already_in_flight);
1105     for (i = 0; i < MAX_ENDPOINTS; i++) {
1106         usbredir_free_bufpq(dev, I2EP(i));
1107     }
1108 }
1109 
1110 static void usbredir_handle_destroy(USBDevice *udev)
1111 {
1112     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
1113 
1114     qemu_chr_fe_close(dev->cs);
1115     qemu_chr_delete(dev->cs);
1116     /* Note must be done after qemu_chr_close, as that causes a close event */
1117     qemu_bh_delete(dev->chardev_close_bh);
1118 
1119     qemu_del_timer(dev->attach_timer);
1120     qemu_free_timer(dev->attach_timer);
1121 
1122     usbredir_cleanup_device_queues(dev);
1123 
1124     if (dev->parser) {
1125         usbredirparser_destroy(dev->parser);
1126     }
1127 
1128     free(dev->filter_rules);
1129 }
1130 
1131 static int usbredir_check_filter(USBRedirDevice *dev)
1132 {
1133     if (dev->interface_info.interface_count == NO_INTERFACE_INFO) {
1134         ERROR("No interface info for device\n");
1135         goto error;
1136     }
1137 
1138     if (dev->filter_rules) {
1139         if (!usbredirparser_peer_has_cap(dev->parser,
1140                                     usb_redir_cap_connect_device_version)) {
1141             ERROR("Device filter specified and peer does not have the "
1142                   "connect_device_version capability\n");
1143             goto error;
1144         }
1145 
1146         if (usbredirfilter_check(
1147                 dev->filter_rules,
1148                 dev->filter_rules_count,
1149                 dev->device_info.device_class,
1150                 dev->device_info.device_subclass,
1151                 dev->device_info.device_protocol,
1152                 dev->interface_info.interface_class,
1153                 dev->interface_info.interface_subclass,
1154                 dev->interface_info.interface_protocol,
1155                 dev->interface_info.interface_count,
1156                 dev->device_info.vendor_id,
1157                 dev->device_info.product_id,
1158                 dev->device_info.device_version_bcd,
1159                 0) != 0) {
1160             goto error;
1161         }
1162     }
1163 
1164     return 0;
1165 
1166 error:
1167     usbredir_reject_device(dev);
1168     return -1;
1169 }
1170 
1171 /*
1172  * usbredirparser packet complete callbacks
1173  */
1174 
1175 static void usbredir_handle_status(USBRedirDevice *dev, USBPacket *p,
1176     int status)
1177 {
1178     switch (status) {
1179     case usb_redir_success:
1180         p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */
1181         break;
1182     case usb_redir_stall:
1183         p->status = USB_RET_STALL;
1184         break;
1185     case usb_redir_cancelled:
1186         /*
1187          * When the usbredir-host unredirects a device, it will report a status
1188          * of cancelled for all pending packets, followed by a disconnect msg.
1189          */
1190         p->status = USB_RET_IOERROR;
1191         break;
1192     case usb_redir_inval:
1193         WARNING("got invalid param error from usb-host?\n");
1194         p->status = USB_RET_IOERROR;
1195         break;
1196     case usb_redir_babble:
1197         p->status = USB_RET_BABBLE;
1198         break;
1199     case usb_redir_ioerror:
1200     case usb_redir_timeout:
1201     default:
1202         p->status = USB_RET_IOERROR;
1203     }
1204 }
1205 
1206 static void usbredir_hello(void *priv, struct usb_redir_hello_header *h)
1207 {
1208     USBRedirDevice *dev = priv;
1209 
1210     /* Try to send the filter info now that we've the usb-host's caps */
1211     if (usbredirparser_peer_has_cap(dev->parser, usb_redir_cap_filter) &&
1212             dev->filter_rules) {
1213         usbredirparser_send_filter_filter(dev->parser, dev->filter_rules,
1214                                           dev->filter_rules_count);
1215         usbredirparser_do_write(dev->parser);
1216     }
1217 }
1218 
1219 static void usbredir_device_connect(void *priv,
1220     struct usb_redir_device_connect_header *device_connect)
1221 {
1222     USBRedirDevice *dev = priv;
1223     const char *speed;
1224 
1225     if (qemu_timer_pending(dev->attach_timer) || dev->dev.attached) {
1226         ERROR("Received device connect while already connected\n");
1227         return;
1228     }
1229 
1230     switch (device_connect->speed) {
1231     case usb_redir_speed_low:
1232         speed = "low speed";
1233         dev->dev.speed = USB_SPEED_LOW;
1234         dev->compatible_speedmask &= ~USB_SPEED_MASK_FULL;
1235         dev->compatible_speedmask &= ~USB_SPEED_MASK_HIGH;
1236         break;
1237     case usb_redir_speed_full:
1238         speed = "full speed";
1239         dev->dev.speed = USB_SPEED_FULL;
1240         dev->compatible_speedmask &= ~USB_SPEED_MASK_HIGH;
1241         break;
1242     case usb_redir_speed_high:
1243         speed = "high speed";
1244         dev->dev.speed = USB_SPEED_HIGH;
1245         break;
1246     case usb_redir_speed_super:
1247         speed = "super speed";
1248         dev->dev.speed = USB_SPEED_SUPER;
1249         break;
1250     default:
1251         speed = "unknown speed";
1252         dev->dev.speed = USB_SPEED_FULL;
1253     }
1254 
1255     if (usbredirparser_peer_has_cap(dev->parser,
1256                                     usb_redir_cap_connect_device_version)) {
1257         INFO("attaching %s device %04x:%04x version %d.%d class %02x\n",
1258              speed, device_connect->vendor_id, device_connect->product_id,
1259              ((device_connect->device_version_bcd & 0xf000) >> 12) * 10 +
1260              ((device_connect->device_version_bcd & 0x0f00) >>  8),
1261              ((device_connect->device_version_bcd & 0x00f0) >>  4) * 10 +
1262              ((device_connect->device_version_bcd & 0x000f) >>  0),
1263              device_connect->device_class);
1264     } else {
1265         INFO("attaching %s device %04x:%04x class %02x\n", speed,
1266              device_connect->vendor_id, device_connect->product_id,
1267              device_connect->device_class);
1268     }
1269 
1270     dev->dev.speedmask = (1 << dev->dev.speed) | dev->compatible_speedmask;
1271     dev->device_info = *device_connect;
1272 
1273     if (usbredir_check_filter(dev)) {
1274         WARNING("Device %04x:%04x rejected by device filter, not attaching\n",
1275                 device_connect->vendor_id, device_connect->product_id);
1276         return;
1277     }
1278 
1279     qemu_mod_timer(dev->attach_timer, dev->next_attach_time);
1280 }
1281 
1282 static void usbredir_device_disconnect(void *priv)
1283 {
1284     USBRedirDevice *dev = priv;
1285     int i;
1286 
1287     /* Stop any pending attaches */
1288     qemu_del_timer(dev->attach_timer);
1289 
1290     if (dev->dev.attached) {
1291         DPRINTF("detaching device\n");
1292         usb_device_detach(&dev->dev);
1293         /*
1294          * Delay next usb device attach to give the guest a chance to see
1295          * see the detach / attach in case of quick close / open succession
1296          */
1297         dev->next_attach_time = qemu_get_clock_ms(vm_clock) + 200;
1298     }
1299 
1300     /* Reset state so that the next dev connected starts with a clean slate */
1301     usbredir_cleanup_device_queues(dev);
1302     memset(dev->endpoint, 0, sizeof(dev->endpoint));
1303     for (i = 0; i < MAX_ENDPOINTS; i++) {
1304         QTAILQ_INIT(&dev->endpoint[i].bufpq);
1305     }
1306     usb_ep_init(&dev->dev);
1307     dev->interface_info.interface_count = NO_INTERFACE_INFO;
1308     dev->dev.addr = 0;
1309     dev->dev.speed = 0;
1310     dev->compatible_speedmask = USB_SPEED_MASK_FULL | USB_SPEED_MASK_HIGH;
1311 }
1312 
1313 static void usbredir_interface_info(void *priv,
1314     struct usb_redir_interface_info_header *interface_info)
1315 {
1316     USBRedirDevice *dev = priv;
1317 
1318     dev->interface_info = *interface_info;
1319 
1320     /*
1321      * If we receive interface info after the device has already been
1322      * connected (ie on a set_config), re-check the filter.
1323      */
1324     if (qemu_timer_pending(dev->attach_timer) || dev->dev.attached) {
1325         if (usbredir_check_filter(dev)) {
1326             ERROR("Device no longer matches filter after interface info "
1327                   "change, disconnecting!\n");
1328         }
1329     }
1330 }
1331 
1332 static void usbredir_mark_speed_incompatible(USBRedirDevice *dev, int speed)
1333 {
1334     dev->compatible_speedmask &= ~(1 << speed);
1335     dev->dev.speedmask = (1 << dev->dev.speed) | dev->compatible_speedmask;
1336 }
1337 
1338 static void usbredir_set_pipeline(USBRedirDevice *dev, struct USBEndpoint *uep)
1339 {
1340     if (uep->type != USB_ENDPOINT_XFER_BULK) {
1341         return;
1342     }
1343     if (uep->pid == USB_TOKEN_OUT) {
1344         uep->pipeline = true;
1345     }
1346     if (uep->pid == USB_TOKEN_IN && uep->max_packet_size != 0 &&
1347         usbredirparser_peer_has_cap(dev->parser,
1348                                     usb_redir_cap_32bits_bulk_length)) {
1349         uep->pipeline = true;
1350     }
1351 }
1352 
1353 static void usbredir_setup_usb_eps(USBRedirDevice *dev)
1354 {
1355     struct USBEndpoint *usb_ep;
1356     int i, pid;
1357 
1358     for (i = 0; i < MAX_ENDPOINTS; i++) {
1359         pid = (i & 0x10) ? USB_TOKEN_IN : USB_TOKEN_OUT;
1360         usb_ep = usb_ep_get(&dev->dev, pid, i & 0x0f);
1361         usb_ep->type = dev->endpoint[i].type;
1362         usb_ep->ifnum = dev->endpoint[i].interface;
1363         usb_ep->max_packet_size = dev->endpoint[i].max_packet_size;
1364         usbredir_set_pipeline(dev, usb_ep);
1365     }
1366 }
1367 
1368 static void usbredir_ep_info(void *priv,
1369     struct usb_redir_ep_info_header *ep_info)
1370 {
1371     USBRedirDevice *dev = priv;
1372     int i;
1373 
1374     for (i = 0; i < MAX_ENDPOINTS; i++) {
1375         dev->endpoint[i].type = ep_info->type[i];
1376         dev->endpoint[i].interval = ep_info->interval[i];
1377         dev->endpoint[i].interface = ep_info->interface[i];
1378         if (usbredirparser_peer_has_cap(dev->parser,
1379                                      usb_redir_cap_ep_info_max_packet_size)) {
1380             dev->endpoint[i].max_packet_size = ep_info->max_packet_size[i];
1381         }
1382         switch (dev->endpoint[i].type) {
1383         case usb_redir_type_invalid:
1384             break;
1385         case usb_redir_type_iso:
1386             usbredir_mark_speed_incompatible(dev, USB_SPEED_FULL);
1387             usbredir_mark_speed_incompatible(dev, USB_SPEED_HIGH);
1388             /* Fall through */
1389         case usb_redir_type_interrupt:
1390             if (!usbredirparser_peer_has_cap(dev->parser,
1391                                      usb_redir_cap_ep_info_max_packet_size) ||
1392                     ep_info->max_packet_size[i] > 64) {
1393                 usbredir_mark_speed_incompatible(dev, USB_SPEED_FULL);
1394             }
1395             if (!usbredirparser_peer_has_cap(dev->parser,
1396                                      usb_redir_cap_ep_info_max_packet_size) ||
1397                     ep_info->max_packet_size[i] > 1024) {
1398                 usbredir_mark_speed_incompatible(dev, USB_SPEED_HIGH);
1399             }
1400             if (dev->endpoint[i].interval == 0) {
1401                 ERROR("Received 0 interval for isoc or irq endpoint\n");
1402                 usbredir_reject_device(dev);
1403                 return;
1404             }
1405             /* Fall through */
1406         case usb_redir_type_control:
1407         case usb_redir_type_bulk:
1408             DPRINTF("ep: %02X type: %d interface: %d\n", I2EP(i),
1409                     dev->endpoint[i].type, dev->endpoint[i].interface);
1410             break;
1411         default:
1412             ERROR("Received invalid endpoint type\n");
1413             usbredir_reject_device(dev);
1414             return;
1415         }
1416     }
1417     /* The new ep info may have caused a speed incompatibility, recheck */
1418     if (dev->dev.attached &&
1419             !(dev->dev.port->speedmask & dev->dev.speedmask)) {
1420         ERROR("Device no longer matches speed after endpoint info change, "
1421               "disconnecting!\n");
1422         usbredir_reject_device(dev);
1423         return;
1424     }
1425     usbredir_setup_usb_eps(dev);
1426 }
1427 
1428 static void usbredir_configuration_status(void *priv, uint64_t id,
1429     struct usb_redir_configuration_status_header *config_status)
1430 {
1431     USBRedirDevice *dev = priv;
1432     USBPacket *p;
1433 
1434     DPRINTF("set config status %d config %d id %"PRIu64"\n",
1435             config_status->status, config_status->configuration, id);
1436 
1437     p = usbredir_find_packet_by_id(dev, 0, id);
1438     if (p) {
1439         if (dev->dev.setup_buf[0] & USB_DIR_IN) {
1440             dev->dev.data_buf[0] = config_status->configuration;
1441             p->actual_length = 1;
1442         }
1443         usbredir_handle_status(dev, p, config_status->status);
1444         usb_generic_async_ctrl_complete(&dev->dev, p);
1445     }
1446 }
1447 
1448 static void usbredir_alt_setting_status(void *priv, uint64_t id,
1449     struct usb_redir_alt_setting_status_header *alt_setting_status)
1450 {
1451     USBRedirDevice *dev = priv;
1452     USBPacket *p;
1453 
1454     DPRINTF("alt status %d intf %d alt %d id: %"PRIu64"\n",
1455             alt_setting_status->status, alt_setting_status->interface,
1456             alt_setting_status->alt, id);
1457 
1458     p = usbredir_find_packet_by_id(dev, 0, id);
1459     if (p) {
1460         if (dev->dev.setup_buf[0] & USB_DIR_IN) {
1461             dev->dev.data_buf[0] = alt_setting_status->alt;
1462             p->actual_length = 1;
1463         }
1464         usbredir_handle_status(dev, p, alt_setting_status->status);
1465         usb_generic_async_ctrl_complete(&dev->dev, p);
1466     }
1467 }
1468 
1469 static void usbredir_iso_stream_status(void *priv, uint64_t id,
1470     struct usb_redir_iso_stream_status_header *iso_stream_status)
1471 {
1472     USBRedirDevice *dev = priv;
1473     uint8_t ep = iso_stream_status->endpoint;
1474 
1475     DPRINTF("iso status %d ep %02X id %"PRIu64"\n", iso_stream_status->status,
1476             ep, id);
1477 
1478     if (!dev->dev.attached || !dev->endpoint[EP2I(ep)].iso_started) {
1479         return;
1480     }
1481 
1482     dev->endpoint[EP2I(ep)].iso_error = iso_stream_status->status;
1483     if (iso_stream_status->status == usb_redir_stall) {
1484         DPRINTF("iso stream stopped by peer ep %02X\n", ep);
1485         dev->endpoint[EP2I(ep)].iso_started = 0;
1486     }
1487 }
1488 
1489 static void usbredir_interrupt_receiving_status(void *priv, uint64_t id,
1490     struct usb_redir_interrupt_receiving_status_header
1491     *interrupt_receiving_status)
1492 {
1493     USBRedirDevice *dev = priv;
1494     uint8_t ep = interrupt_receiving_status->endpoint;
1495 
1496     DPRINTF("interrupt recv status %d ep %02X id %"PRIu64"\n",
1497             interrupt_receiving_status->status, ep, id);
1498 
1499     if (!dev->dev.attached || !dev->endpoint[EP2I(ep)].interrupt_started) {
1500         return;
1501     }
1502 
1503     dev->endpoint[EP2I(ep)].interrupt_error =
1504         interrupt_receiving_status->status;
1505     if (interrupt_receiving_status->status == usb_redir_stall) {
1506         DPRINTF("interrupt receiving stopped by peer ep %02X\n", ep);
1507         dev->endpoint[EP2I(ep)].interrupt_started = 0;
1508     }
1509 }
1510 
1511 static void usbredir_bulk_streams_status(void *priv, uint64_t id,
1512     struct usb_redir_bulk_streams_status_header *bulk_streams_status)
1513 {
1514 }
1515 
1516 static void usbredir_control_packet(void *priv, uint64_t id,
1517     struct usb_redir_control_packet_header *control_packet,
1518     uint8_t *data, int data_len)
1519 {
1520     USBRedirDevice *dev = priv;
1521     USBPacket *p;
1522     int len = control_packet->length;
1523 
1524     DPRINTF("ctrl-in status %d len %d id %"PRIu64"\n", control_packet->status,
1525             len, id);
1526 
1527     /* Fix up USB-3 ep0 maxpacket size to allow superspeed connected devices
1528      * to work redirected to a not superspeed capable hcd */
1529     if (dev->dev.speed == USB_SPEED_SUPER &&
1530             !((dev->dev.port->speedmask & USB_SPEED_MASK_SUPER)) &&
1531             control_packet->requesttype == 0x80 &&
1532             control_packet->request == 6 &&
1533             control_packet->value == 0x100 && control_packet->index == 0 &&
1534             data_len >= 18 && data[7] == 9) {
1535         data[7] = 64;
1536     }
1537 
1538     p = usbredir_find_packet_by_id(dev, 0, id);
1539     if (p) {
1540         usbredir_handle_status(dev, p, control_packet->status);
1541         if (data_len > 0) {
1542             usbredir_log_data(dev, "ctrl data in:", data, data_len);
1543             if (data_len > sizeof(dev->dev.data_buf)) {
1544                 ERROR("ctrl buffer too small (%d > %zu)\n",
1545                       data_len, sizeof(dev->dev.data_buf));
1546                 p->status = USB_RET_STALL;
1547                 data_len = len = sizeof(dev->dev.data_buf);
1548             }
1549             memcpy(dev->dev.data_buf, data, data_len);
1550         }
1551         p->actual_length = len;
1552         usb_generic_async_ctrl_complete(&dev->dev, p);
1553     }
1554     free(data);
1555 }
1556 
1557 static void usbredir_bulk_packet(void *priv, uint64_t id,
1558     struct usb_redir_bulk_packet_header *bulk_packet,
1559     uint8_t *data, int data_len)
1560 {
1561     USBRedirDevice *dev = priv;
1562     uint8_t ep = bulk_packet->endpoint;
1563     int len = (bulk_packet->length_high << 16) | bulk_packet->length;
1564     USBPacket *p;
1565 
1566     DPRINTF("bulk-in status %d ep %02X len %d id %"PRIu64"\n",
1567             bulk_packet->status, ep, len, id);
1568 
1569     p = usbredir_find_packet_by_id(dev, ep, id);
1570     if (p) {
1571         size_t size = (p->combined) ? p->combined->iov.size : p->iov.size;
1572         usbredir_handle_status(dev, p, bulk_packet->status);
1573         if (data_len > 0) {
1574             usbredir_log_data(dev, "bulk data in:", data, data_len);
1575             if (data_len > size) {
1576                 ERROR("bulk got more data then requested (%d > %zd)\n",
1577                       data_len, p->iov.size);
1578                 p->status = USB_RET_BABBLE;
1579                 data_len = len = size;
1580             }
1581             if (p->combined) {
1582                 iov_from_buf(p->combined->iov.iov, p->combined->iov.niov,
1583                              0, data, data_len);
1584             } else {
1585                 usb_packet_copy(p, data, data_len);
1586             }
1587         }
1588         p->actual_length = len;
1589         if (p->pid == USB_TOKEN_IN && p->ep->pipeline) {
1590             usb_combined_input_packet_complete(&dev->dev, p);
1591         } else {
1592             usb_packet_complete(&dev->dev, p);
1593         }
1594     }
1595     free(data);
1596 }
1597 
1598 static void usbredir_iso_packet(void *priv, uint64_t id,
1599     struct usb_redir_iso_packet_header *iso_packet,
1600     uint8_t *data, int data_len)
1601 {
1602     USBRedirDevice *dev = priv;
1603     uint8_t ep = iso_packet->endpoint;
1604 
1605     DPRINTF2("iso-in status %d ep %02X len %d id %"PRIu64"\n",
1606              iso_packet->status, ep, data_len, id);
1607 
1608     if (dev->endpoint[EP2I(ep)].type != USB_ENDPOINT_XFER_ISOC) {
1609         ERROR("received iso packet for non iso endpoint %02X\n", ep);
1610         free(data);
1611         return;
1612     }
1613 
1614     if (dev->endpoint[EP2I(ep)].iso_started == 0) {
1615         DPRINTF("received iso packet for non started stream ep %02X\n", ep);
1616         free(data);
1617         return;
1618     }
1619 
1620     /* bufp_alloc also adds the packet to the ep queue */
1621     bufp_alloc(dev, data, data_len, iso_packet->status, ep);
1622 }
1623 
1624 static void usbredir_interrupt_packet(void *priv, uint64_t id,
1625     struct usb_redir_interrupt_packet_header *interrupt_packet,
1626     uint8_t *data, int data_len)
1627 {
1628     USBRedirDevice *dev = priv;
1629     uint8_t ep = interrupt_packet->endpoint;
1630 
1631     DPRINTF("interrupt-in status %d ep %02X len %d id %"PRIu64"\n",
1632             interrupt_packet->status, ep, data_len, id);
1633 
1634     if (dev->endpoint[EP2I(ep)].type != USB_ENDPOINT_XFER_INT) {
1635         ERROR("received int packet for non interrupt endpoint %02X\n", ep);
1636         free(data);
1637         return;
1638     }
1639 
1640     if (ep & USB_DIR_IN) {
1641         if (dev->endpoint[EP2I(ep)].interrupt_started == 0) {
1642             DPRINTF("received int packet while not started ep %02X\n", ep);
1643             free(data);
1644             return;
1645         }
1646 
1647         if (QTAILQ_EMPTY(&dev->endpoint[EP2I(ep)].bufpq)) {
1648             usb_wakeup(usb_ep_get(&dev->dev, USB_TOKEN_IN, ep & 0x0f));
1649         }
1650 
1651         /* bufp_alloc also adds the packet to the ep queue */
1652         bufp_alloc(dev, data, data_len, interrupt_packet->status, ep);
1653     } else {
1654         /*
1655          * We report output interrupt packets as completed directly upon
1656          * submission, so all we can do here if one failed is warn.
1657          */
1658         if (interrupt_packet->status) {
1659             WARNING("interrupt output failed status %d ep %02X id %"PRIu64"\n",
1660                     interrupt_packet->status, ep, id);
1661         }
1662     }
1663 }
1664 
1665 /*
1666  * Migration code
1667  */
1668 
1669 static void usbredir_pre_save(void *priv)
1670 {
1671     USBRedirDevice *dev = priv;
1672 
1673     usbredir_fill_already_in_flight(dev);
1674 }
1675 
1676 static int usbredir_post_load(void *priv, int version_id)
1677 {
1678     USBRedirDevice *dev = priv;
1679 
1680     switch (dev->device_info.speed) {
1681     case usb_redir_speed_low:
1682         dev->dev.speed = USB_SPEED_LOW;
1683         break;
1684     case usb_redir_speed_full:
1685         dev->dev.speed = USB_SPEED_FULL;
1686         break;
1687     case usb_redir_speed_high:
1688         dev->dev.speed = USB_SPEED_HIGH;
1689         break;
1690     case usb_redir_speed_super:
1691         dev->dev.speed = USB_SPEED_SUPER;
1692         break;
1693     default:
1694         dev->dev.speed = USB_SPEED_FULL;
1695     }
1696     dev->dev.speedmask = (1 << dev->dev.speed);
1697 
1698     usbredir_setup_usb_eps(dev);
1699 
1700     return 0;
1701 }
1702 
1703 /* For usbredirparser migration */
1704 static void usbredir_put_parser(QEMUFile *f, void *priv, size_t unused)
1705 {
1706     USBRedirDevice *dev = priv;
1707     uint8_t *data;
1708     int len;
1709 
1710     if (dev->parser == NULL) {
1711         qemu_put_be32(f, 0);
1712         return;
1713     }
1714 
1715     usbredirparser_serialize(dev->parser, &data, &len);
1716     qemu_oom_check(data);
1717 
1718     qemu_put_be32(f, len);
1719     qemu_put_buffer(f, data, len);
1720 
1721     free(data);
1722 }
1723 
1724 static int usbredir_get_parser(QEMUFile *f, void *priv, size_t unused)
1725 {
1726     USBRedirDevice *dev = priv;
1727     uint8_t *data;
1728     int len, ret;
1729 
1730     len = qemu_get_be32(f);
1731     if (len == 0) {
1732         return 0;
1733     }
1734 
1735     /*
1736      * If our chardev is not open already at this point the usbredir connection
1737      * has been broken (non seamless migration, or restore from disk).
1738      *
1739      * In this case create a temporary parser to receive the migration data,
1740      * and schedule the close_bh to report the device as disconnected to the
1741      * guest and to destroy the parser again.
1742      */
1743     if (dev->parser == NULL) {
1744         WARNING("usb-redir connection broken during migration\n");
1745         usbredir_create_parser(dev);
1746         qemu_bh_schedule(dev->chardev_close_bh);
1747     }
1748 
1749     data = g_malloc(len);
1750     qemu_get_buffer(f, data, len);
1751 
1752     ret = usbredirparser_unserialize(dev->parser, data, len);
1753 
1754     g_free(data);
1755 
1756     return ret;
1757 }
1758 
1759 static const VMStateInfo usbredir_parser_vmstate_info = {
1760     .name = "usb-redir-parser",
1761     .put  = usbredir_put_parser,
1762     .get  = usbredir_get_parser,
1763 };
1764 
1765 
1766 /* For buffered packets (iso/irq) queue migration */
1767 static void usbredir_put_bufpq(QEMUFile *f, void *priv, size_t unused)
1768 {
1769     struct endp_data *endp = priv;
1770     struct buf_packet *bufp;
1771     int remain = endp->bufpq_size;
1772 
1773     qemu_put_be32(f, endp->bufpq_size);
1774     QTAILQ_FOREACH(bufp, &endp->bufpq, next) {
1775         qemu_put_be32(f, bufp->len);
1776         qemu_put_be32(f, bufp->status);
1777         qemu_put_buffer(f, bufp->data, bufp->len);
1778         remain--;
1779     }
1780     assert(remain == 0);
1781 }
1782 
1783 static int usbredir_get_bufpq(QEMUFile *f, void *priv, size_t unused)
1784 {
1785     struct endp_data *endp = priv;
1786     struct buf_packet *bufp;
1787     int i;
1788 
1789     endp->bufpq_size = qemu_get_be32(f);
1790     for (i = 0; i < endp->bufpq_size; i++) {
1791         bufp = g_malloc(sizeof(struct buf_packet));
1792         bufp->len = qemu_get_be32(f);
1793         bufp->status = qemu_get_be32(f);
1794         bufp->data = qemu_oom_check(malloc(bufp->len)); /* regular malloc! */
1795         qemu_get_buffer(f, bufp->data, bufp->len);
1796         QTAILQ_INSERT_TAIL(&endp->bufpq, bufp, next);
1797     }
1798     return 0;
1799 }
1800 
1801 static const VMStateInfo usbredir_ep_bufpq_vmstate_info = {
1802     .name = "usb-redir-bufpq",
1803     .put  = usbredir_put_bufpq,
1804     .get  = usbredir_get_bufpq,
1805 };
1806 
1807 
1808 /* For endp_data migration */
1809 static const VMStateDescription usbredir_ep_vmstate = {
1810     .name = "usb-redir-ep",
1811     .version_id = 1,
1812     .minimum_version_id = 1,
1813     .fields = (VMStateField[]) {
1814         VMSTATE_UINT8(type, struct endp_data),
1815         VMSTATE_UINT8(interval, struct endp_data),
1816         VMSTATE_UINT8(interface, struct endp_data),
1817         VMSTATE_UINT16(max_packet_size, struct endp_data),
1818         VMSTATE_UINT8(iso_started, struct endp_data),
1819         VMSTATE_UINT8(iso_error, struct endp_data),
1820         VMSTATE_UINT8(interrupt_started, struct endp_data),
1821         VMSTATE_UINT8(interrupt_error, struct endp_data),
1822         VMSTATE_UINT8(bufpq_prefilled, struct endp_data),
1823         VMSTATE_UINT8(bufpq_dropping_packets, struct endp_data),
1824         {
1825             .name         = "bufpq",
1826             .version_id   = 0,
1827             .field_exists = NULL,
1828             .size         = 0,
1829             .info         = &usbredir_ep_bufpq_vmstate_info,
1830             .flags        = VMS_SINGLE,
1831             .offset       = 0,
1832         },
1833         VMSTATE_INT32(bufpq_target_size, struct endp_data),
1834         VMSTATE_END_OF_LIST()
1835     }
1836 };
1837 
1838 
1839 /* For PacketIdQueue migration */
1840 static void usbredir_put_packet_id_q(QEMUFile *f, void *priv, size_t unused)
1841 {
1842     struct PacketIdQueue *q = priv;
1843     USBRedirDevice *dev = q->dev;
1844     struct PacketIdQueueEntry *e;
1845     int remain = q->size;
1846 
1847     DPRINTF("put_packet_id_q %s size %d\n", q->name, q->size);
1848     qemu_put_be32(f, q->size);
1849     QTAILQ_FOREACH(e, &q->head, next) {
1850         qemu_put_be64(f, e->id);
1851         remain--;
1852     }
1853     assert(remain == 0);
1854 }
1855 
1856 static int usbredir_get_packet_id_q(QEMUFile *f, void *priv, size_t unused)
1857 {
1858     struct PacketIdQueue *q = priv;
1859     USBRedirDevice *dev = q->dev;
1860     int i, size;
1861     uint64_t id;
1862 
1863     size = qemu_get_be32(f);
1864     DPRINTF("get_packet_id_q %s size %d\n", q->name, size);
1865     for (i = 0; i < size; i++) {
1866         id = qemu_get_be64(f);
1867         packet_id_queue_add(q, id);
1868     }
1869     assert(q->size == size);
1870     return 0;
1871 }
1872 
1873 static const VMStateInfo usbredir_ep_packet_id_q_vmstate_info = {
1874     .name = "usb-redir-packet-id-q",
1875     .put  = usbredir_put_packet_id_q,
1876     .get  = usbredir_get_packet_id_q,
1877 };
1878 
1879 static const VMStateDescription usbredir_ep_packet_id_queue_vmstate = {
1880     .name = "usb-redir-packet-id-queue",
1881     .version_id = 1,
1882     .minimum_version_id = 1,
1883     .fields = (VMStateField[]) {
1884         {
1885             .name         = "queue",
1886             .version_id   = 0,
1887             .field_exists = NULL,
1888             .size         = 0,
1889             .info         = &usbredir_ep_packet_id_q_vmstate_info,
1890             .flags        = VMS_SINGLE,
1891             .offset       = 0,
1892         },
1893         VMSTATE_END_OF_LIST()
1894     }
1895 };
1896 
1897 
1898 /* For usb_redir_device_connect_header migration */
1899 static const VMStateDescription usbredir_device_info_vmstate = {
1900     .name = "usb-redir-device-info",
1901     .version_id = 1,
1902     .minimum_version_id = 1,
1903     .fields = (VMStateField[]) {
1904         VMSTATE_UINT8(speed, struct usb_redir_device_connect_header),
1905         VMSTATE_UINT8(device_class, struct usb_redir_device_connect_header),
1906         VMSTATE_UINT8(device_subclass, struct usb_redir_device_connect_header),
1907         VMSTATE_UINT8(device_protocol, struct usb_redir_device_connect_header),
1908         VMSTATE_UINT16(vendor_id, struct usb_redir_device_connect_header),
1909         VMSTATE_UINT16(product_id, struct usb_redir_device_connect_header),
1910         VMSTATE_UINT16(device_version_bcd,
1911                        struct usb_redir_device_connect_header),
1912         VMSTATE_END_OF_LIST()
1913     }
1914 };
1915 
1916 
1917 /* For usb_redir_interface_info_header migration */
1918 static const VMStateDescription usbredir_interface_info_vmstate = {
1919     .name = "usb-redir-interface-info",
1920     .version_id = 1,
1921     .minimum_version_id = 1,
1922     .fields = (VMStateField[]) {
1923         VMSTATE_UINT32(interface_count,
1924                        struct usb_redir_interface_info_header),
1925         VMSTATE_UINT8_ARRAY(interface,
1926                             struct usb_redir_interface_info_header, 32),
1927         VMSTATE_UINT8_ARRAY(interface_class,
1928                             struct usb_redir_interface_info_header, 32),
1929         VMSTATE_UINT8_ARRAY(interface_subclass,
1930                             struct usb_redir_interface_info_header, 32),
1931         VMSTATE_UINT8_ARRAY(interface_protocol,
1932                             struct usb_redir_interface_info_header, 32),
1933         VMSTATE_END_OF_LIST()
1934     }
1935 };
1936 
1937 
1938 /* And finally the USBRedirDevice vmstate itself */
1939 static const VMStateDescription usbredir_vmstate = {
1940     .name = "usb-redir",
1941     .version_id = 1,
1942     .minimum_version_id = 1,
1943     .pre_save = usbredir_pre_save,
1944     .post_load = usbredir_post_load,
1945     .fields = (VMStateField[]) {
1946         VMSTATE_USB_DEVICE(dev, USBRedirDevice),
1947         VMSTATE_TIMER(attach_timer, USBRedirDevice),
1948         {
1949             .name         = "parser",
1950             .version_id   = 0,
1951             .field_exists = NULL,
1952             .size         = 0,
1953             .info         = &usbredir_parser_vmstate_info,
1954             .flags        = VMS_SINGLE,
1955             .offset       = 0,
1956         },
1957         VMSTATE_STRUCT_ARRAY(endpoint, USBRedirDevice, MAX_ENDPOINTS, 1,
1958                              usbredir_ep_vmstate, struct endp_data),
1959         VMSTATE_STRUCT(cancelled, USBRedirDevice, 1,
1960                        usbredir_ep_packet_id_queue_vmstate,
1961                        struct PacketIdQueue),
1962         VMSTATE_STRUCT(already_in_flight, USBRedirDevice, 1,
1963                        usbredir_ep_packet_id_queue_vmstate,
1964                        struct PacketIdQueue),
1965         VMSTATE_STRUCT(device_info, USBRedirDevice, 1,
1966                        usbredir_device_info_vmstate,
1967                        struct usb_redir_device_connect_header),
1968         VMSTATE_STRUCT(interface_info, USBRedirDevice, 1,
1969                        usbredir_interface_info_vmstate,
1970                        struct usb_redir_interface_info_header),
1971         VMSTATE_END_OF_LIST()
1972     }
1973 };
1974 
1975 static Property usbredir_properties[] = {
1976     DEFINE_PROP_CHR("chardev", USBRedirDevice, cs),
1977     DEFINE_PROP_UINT8("debug", USBRedirDevice, debug, usbredirparser_warning),
1978     DEFINE_PROP_STRING("filter", USBRedirDevice, filter_str),
1979     DEFINE_PROP_INT32("bootindex", USBRedirDevice, bootindex, -1),
1980     DEFINE_PROP_END_OF_LIST(),
1981 };
1982 
1983 static void usbredir_class_initfn(ObjectClass *klass, void *data)
1984 {
1985     USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
1986     DeviceClass *dc = DEVICE_CLASS(klass);
1987 
1988     uc->init           = usbredir_initfn;
1989     uc->product_desc   = "USB Redirection Device";
1990     uc->handle_destroy = usbredir_handle_destroy;
1991     uc->cancel_packet  = usbredir_cancel_packet;
1992     uc->handle_reset   = usbredir_handle_reset;
1993     uc->handle_data    = usbredir_handle_data;
1994     uc->handle_control = usbredir_handle_control;
1995     uc->flush_ep_queue = usbredir_flush_ep_queue;
1996     dc->vmsd           = &usbredir_vmstate;
1997     dc->props          = usbredir_properties;
1998 }
1999 
2000 static TypeInfo usbredir_dev_info = {
2001     .name          = "usb-redir",
2002     .parent        = TYPE_USB_DEVICE,
2003     .instance_size = sizeof(USBRedirDevice),
2004     .class_init    = usbredir_class_initfn,
2005 };
2006 
2007 static void usbredir_register_types(void)
2008 {
2009     type_register_static(&usbredir_dev_info);
2010 }
2011 
2012 type_init(usbredir_register_types)
2013