Re: [PATCH] EHCI: Update qTD next pointer in QH overlay region during unlink

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 7 Sep 2012, Pavankumar Kondeti wrote:

> There is a possibility of QH overlay region having reference to a stale
> qTD pointer during unlink.
> 
> Consider an endpoint having two pending qTD before unlink process begins.
> The endpoint's QH queue looks like this.
> 
> qTD1 --> qTD2 --> Dummy
> 
> To unlink qTD2, QH is removed from asynchronous list and Asynchronous
> Advance Doorbell is programmed.  The qTD1's next qTD pointer is set to
> qTD2'2 next qTD pointer and qTD2 is retired upon controller's doorbell
> interrupt.  If QH's current qTD pointer points to qTD1, transfer overlay
> region still have reference to qTD2. But qtD2 is just unlinked and freed.
> This may cause EHCI system error.  Fix this by updating qTD next pointer
> in QH overlay region with the qTD next pointer of the current qTD.
> 
> Signed-off-by: Pavankumar Kondeti <pkondeti@xxxxxxxxxxxxxx>
> ---
>  drivers/usb/host/ehci-q.c |   12 ++++++++++--
>  1 files changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/host/ehci-q.c b/drivers/usb/host/ehci-q.c
> index 9bc39ca..4b66374 100644
> --- a/drivers/usb/host/ehci-q.c
> +++ b/drivers/usb/host/ehci-q.c
> @@ -128,9 +128,17 @@ qh_refresh (struct ehci_hcd *ehci, struct ehci_qh *qh)
>  	else {
>  		qtd = list_entry (qh->qtd_list.next,
>  				struct ehci_qtd, qtd_list);
> -		/* first qtd may already be partially processed */
> -		if (cpu_to_hc32(ehci, qtd->qtd_dma) == qh->hw->hw_current)
> +		/*
> +		 * first qtd may already be partially processed.
> +		 * If we come here during unlink, the QH overlay region
> +		 * might have reference to the just unlinked qtd. The
> +		 * qtd is updated in qh_completions(). Update the QH
> +		 * overlay here.
> +		 */
> +		if (cpu_to_hc32(ehci, qtd->qtd_dma) == qh->hw->hw_current) {
> +			qh->hw->hw_qtd_next = qtd->hw_next;
>  			qtd = NULL;
> +		}
>  	}
>  
>  	if (qtd)

Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>

Have you been able to determine that this eliminates your host system
errors?

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux