On Mon, 2021-08-09 at 17:42 +0800, Ikjoon Jang wrote: > On Mon, Aug 9, 2021 at 5:11 PM Greg Kroah-Hartman > <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Mon, Aug 09, 2021 at 04:59:29PM +0800, Ikjoon Jang wrote: > > > xhci-mtk has 64 slots for periodic bandwidth calculations and > > > each > > > slot represents byte budgets on a microframe. When an endpoint's > > > allocation sits on the boundary of the table, byte budgets' slot > > > should be rolled over but the current implementation doesn't. > > > > > > This patch applies a 6 bits mask to the microframe index to > > > handle > > > its rollover 64 slots and prevent out-of-bounds array access. > > > > > > Signed-off-by: Ikjoon Jang <ikjn@xxxxxxxxxxxx> > > > --- > > > > > > drivers/usb/host/xhci-mtk-sch.c | 79 +++++++++---------------- > > > -------- > > > drivers/usb/host/xhci-mtk.h | 1 + > > > 2 files changed, 23 insertions(+), 57 deletions(-) > > > > Why is this "RFC"? What needs to be addressed in this change > > before it > > can be accepted? > > sorry, I had to mention why this is RFC: > > I simply don't know about the details of the xhci-mtk internals. > It was okay from my tests with mt8173 and I think this will be > harmless > as this is "better than before". > > But when I removed get_esit_boundary(), I really have no idea why > it was there. I'm wondering if there was another reason of that > function > other than just preventing out-of-bounds. Maybe chunfeng can answer > this? We use @esit to prevent out-of-bounds array access. it's not a ring, can't insert out-of-bounds value into head slot. > > Thanks! > > > > > thanks, > > > > greg k-h
