On Tue, Dec 17, 2013 at 09:35:39AM -0000, David Laight wrote:
> > From: Wang, Lin X
> > David is right, this patch may lead to the last trb in an event ring unprocessed according to the
> > current logic, you can reject this patch, although I think index out-of-bounds is reasonable.
> >
> > If applying this patch, then corresponding function(inc_deq()) should be modified, maybe like the
> > following way:
> >
> > diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
> > index d26cd94..0dbaa56 100644
> > --- a/drivers/usb/host/xhci-ring.c
> > +++ b/drivers/usb/host/xhci-ring.c
> > @@ -185,7 +185,7 @@ static void inc_deq(struct xhci_hcd *xhci, struct xhci_ring *ring)
> > } else {
> > ring->dequeue++;
> > }
> > - } while (last_trb(xhci, ring, ring->deq_seg, ring->dequeue));
> > + } while (last_trb(xhci, ring, ring->deq_seg, ring->dequeue) && ring->type != TYPE_EVENT);
Ah, ok, I see where I misread the code now. Thanks for figuring that
out, David.
> There are far too many conditionals in this code already.
> Adding an extra one that serves no purpose is silly.
>
> The C language explicitly allows you to take the address of the first
> item beyond the end of an array and to use that in expressions
> involving pointers to other array members.
The out-of-bounds pointer math is fine as it stands. I'll simply drop
this patch.
Sarah Sharp
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
