On Mon, Aug 9, 2021 at 5:11 PM Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > On Mon, Aug 09, 2021 at 04:59:29PM +0800, Ikjoon Jang wrote: > > xhci-mtk has 64 slots for periodic bandwidth calculations and each > > slot represents byte budgets on a microframe. When an endpoint's > > allocation sits on the boundary of the table, byte budgets' slot > > should be rolled over but the current implementation doesn't. > > > > This patch applies a 6 bits mask to the microframe index to handle > > its rollover 64 slots and prevent out-of-bounds array access. > > > > Signed-off-by: Ikjoon Jang <ikjn@xxxxxxxxxxxx> > > --- > > > > drivers/usb/host/xhci-mtk-sch.c | 79 +++++++++------------------------ > > drivers/usb/host/xhci-mtk.h | 1 + > > 2 files changed, 23 insertions(+), 57 deletions(-) > > Why is this "RFC"? What needs to be addressed in this change before it > can be accepted? sorry, I had to mention why this is RFC: I simply don't know about the details of the xhci-mtk internals. It was okay from my tests with mt8173 and I think this will be harmless as this is "better than before". But when I removed get_esit_boundary(), I really have no idea why it was there. I'm wondering if there was another reason of that function other than just preventing out-of-bounds. Maybe chunfeng can answer this? Thanks! > > thanks, > > greg k-h