On 01.07.2015 07:40, AMAN DEEP wrote:
>
> virt_dev->num_cached_rings counts on freed ring and
> is not updated correctly. In xhci_free_or_cache_endpoint_ring() function,
> the free ring is added into cache and then
> num_rings_cache is incremented as below:
> 		virt_dev->ring_cache[rings_cached] =
> 			virt_dev->eps[ep_index].ring;
> 		virt_dev->num_rings_cached++;
> here, free ring pointer is added to a current index and then
> index is incremented.
> So current index always points to empty location in the ring cache.
> For getting available free ring,
> current index should be decremented first and then
> corresponding ring buffer value should be taken from ring cache.
>
> But In function xhci_endpoint_init(),
> the num_rings_cached index is accessed before decrement.
> 		virt_dev->eps[ep_index].new_ring =
> 			virt_dev->ring_cache[virt_dev->num_rings_cached];
> 		virt_dev->ring_cache[virt_dev->num_rings_cached] = NULL;
> 		virt_dev->num_rings_cached--;
> This is bug in manipulating the index of ring cache.
> And it should be as below:
> 		virt_dev->num_rings_cached--;
> 		virt_dev->eps[ep_index].new_ring =
> 			virt_dev->ring_cache[virt_dev->num_rings_cached];
> 		virt_dev->ring_cache[virt_dev->num_rings_cached] = NULL;
>

Nice catch, Thanks

I'll add it to my queue

-Mathias
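The index ordering described in the quoted report, as an added C sketch that is not the xhci driver's code and not part of the original messages. `struct ring_cache`, `CACHE_MAX` and the `cache_*` helpers are hypothetical stand-ins for `virt_dev->ring_cache` and `virt_dev->num_rings_cached`.

```c
#include <stddef.h>
#define CACHE_MAX 4                /* assumed capacity for this sketch */

struct ring { int id; };           /* hypothetical stand-in for a ring */
struct ring_cache {
    struct ring *slot[CACHE_MAX];
    int num_cached;                /* always indexes the first empty slot */
};

/* Caching side: store at the current index, then increment. */
static int cache_put(struct ring_cache *c, struct ring *r)
{
    if (c->num_cached >= CACHE_MAX)
        return -1;
    c->slot[c->num_cached++] = r;
    return 0;
}

/* Order reported as buggy: read slot[num_cached], then decrement. With a
 * full cache that index is one past the array; main() stays below capacity. */
static struct ring *cache_get_before_fix(struct ring_cache *c)
{
    struct ring *r;
    if (c->num_cached <= 0)
        return NULL;
    r = c->slot[c->num_cached];    /* empty slot: yields NULL */
    c->slot[c->num_cached] = NULL;
    c->num_cached--;               /* the cached ring below is now stranded */
    return r;
}

/* Corrected order: decrement first, then take the ring at that index. */
static struct ring *cache_get_fixed(struct ring_cache *c)
{
    if (c->num_cached <= 0)
        return NULL;
    struct ring *r = c->slot[--c->num_cached];
    c->slot[c->num_cached] = NULL;
    return r;
}

int main(void)
{
    struct ring a = {1}, b = {2};
    struct ring_cache c = { {NULL}, 0 }, d = { {NULL}, 0 };
    cache_put(&c, &a); cache_put(&c, &b);
    cache_put(&d, &a); cache_put(&d, &b);
    return (cache_get_before_fix(&c) == NULL && cache_get_fixed(&d) == &b) ? 0 : 1;
}
```

In the sketch, the pre-fix order hands back NULL while the counter still drops, so the last cached ring stays in its slot without being counted and is overwritten by the next `cache_put`.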