> From: Wang, Lin X
> David is right, this patch may lead to the last trb in an event ring unprocessed according to the
> current logic, you can reject this patch, although I think index out-of-bounds is reasonable.
>
> If applying this patch, then corresponding function(inc_deq()) should be modified, maybe like the
> following way:
>
> diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
> index d26cd94..0dbaa56 100644
> --- a/drivers/usb/host/xhci-ring.c
> +++ b/drivers/usb/host/xhci-ring.c
> @@ -185,7 +185,7 @@ static void inc_deq(struct xhci_hcd *xhci, struct xhci_ring *ring)
> } else {
> ring->dequeue++;
> }
> - } while (last_trb(xhci, ring, ring->deq_seg, ring->dequeue));
> + } while (last_trb(xhci, ring, ring->deq_seg, ring->dequeue) && ring->type != TYPE_EVENT);
There are far too many conditionals in this code already.
Adding an extra one that serves no purpose is silly.
The C language explicitly allows you to take the address of the first
item beyond the end of an array and to use that in expressions
involving pointers to other array members.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
