On Sun, 10 Apr 2011, Gabor Juhos wrote: > A Synopsys USB core used in various SoCs has a bug which might cause > that the host controller not issuing ping. > > When software uses the Doorbell mechanism to remove queue heads, the > host controller still has references to the removed queue head even > after indicating an Interrupt on Async Advance. This happens if the last > executed queue head's Next Link queue head is removed. > > Consequences of the defect: > The Host controller fetches the removed queue head, using memory that > would otherwise be deallocated.This results in incorrect transactions on > both the USB and system memory. This may result in undefined behavior. > --- a/drivers/usb/host/ehci-q.c > +++ b/drivers/usb/host/ehci-q.c > @@ -1183,6 +1183,9 @@ static void end_unlink_async (struct ehci_hcd *ehci) > ehci->reclaim = NULL; > start_unlink_async (ehci, next); > } > + > + if (ehci->has_synopsys_hc_bug) > + writel((u32)ehci->async->qh_dma, &ehci->regs->async_next); > } This should be ehci_writel(ehci, ...). Alan Stern
