Patch "usb: chipidea: udc: limit usb request length to max 16KB" has been added to the 6.12-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 10 Dec 2024 15:46:40 -0500

This is a note to let you know that I've just added the patch titled

    usb: chipidea: udc: limit usb request length to max 16KB

to the 6.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     usb-chipidea-udc-limit-usb-request-length-to-max-16k.patch
and it can be found in the queue-6.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 16f8d3b0fb12043f953bc2e967dddfc4aff80790
Author: Xu Yang <xu.yang_2@xxxxxxx>
Date:   Mon Sep 23 16:12:02 2024 +0800

    usb: chipidea: udc: limit usb request length to max 16KB
    
    [ Upstream commit ca8d18aa7b0f22d66a3ca9a90d8f73431b8eca89 ]
    
    To let the device controller work properly on short packet limitations,
    one usb request should only correspond to one dTD. Then every dTD will
    set IOC. In theory, each dTD support up to 20KB data transfer if the
    offset is 0. Due to we cannot predetermine the offset, this will limit
    the usb request length to max 16KB. This should be fine since most of
    the user transfer data based on this size policy.
    
    Signed-off-by: Xu Yang <xu.yang_2@xxxxxxx>
    Acked-by: Peter Chen <peter.chen@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240923081203.2851768-2-xu.yang_2@xxxxxxx
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/usb/chipidea/ci.h b/drivers/usb/chipidea/ci.h
index e4b003d060c26..97437de52ef68 100644
--- a/drivers/usb/chipidea/ci.h
+++ b/drivers/usb/chipidea/ci.h
@@ -25,6 +25,7 @@
 #define TD_PAGE_COUNT      5
 #define CI_HDRC_PAGE_SIZE  4096ul /* page size for TD's */
 #define ENDPT_MAX          32
+#define CI_MAX_REQ_SIZE	(4 * CI_HDRC_PAGE_SIZE)
 #define CI_MAX_BUF_SIZE	(TD_PAGE_COUNT * CI_HDRC_PAGE_SIZE)
 
 /******************************************************************************
diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
index 69ef3cd8d4f83..d3556416dae4f 100644
--- a/drivers/usb/chipidea/udc.c
+++ b/drivers/usb/chipidea/udc.c
@@ -960,6 +960,12 @@ static int _ep_queue(struct usb_ep *ep, struct usb_request *req,
 		return -EMSGSIZE;
 	}
 
+	if (ci->has_short_pkt_limit &&
+		hwreq->req.length > CI_MAX_REQ_SIZE) {
+		dev_err(hwep->ci->dev, "request length too big (max 16KB)\n");
+		return -EMSGSIZE;
+	}
+
 	/* first nuke then test link, e.g. previous status has not sent */
 	if (!list_empty(&hwreq->queue)) {
 		dev_err(hwep->ci->dev, "request already in queue\n");







