Patch "usb: chipidea: udc: limit usb request length to max 16KB" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 2 Jan 2025 19:44:08 -0500

This is a note to let you know that I've just added the patch titled

    usb: chipidea: udc: limit usb request length to max 16KB

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     usb-chipidea-udc-limit-usb-request-length-to-max-16k.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 3a2effe2072215a53d333ffca74fd3caf8a1a23b
Author: Xu Yang <xu.yang_2@xxxxxxx>
Date:   Mon Sep 23 16:12:02 2024 +0800

    usb: chipidea: udc: limit usb request length to max 16KB
    
    [ Upstream commit ca8d18aa7b0f22d66a3ca9a90d8f73431b8eca89 ]
    
    To let the device controller work properly on short packet limitations,
    one usb request should only correspond to one dTD. Then every dTD will
    set IOC. In theory, each dTD support up to 20KB data transfer if the
    offset is 0. Due to we cannot predetermine the offset, this will limit
    the usb request length to max 16KB. This should be fine since most of
    the user transfer data based on this size policy.
    
    Signed-off-by: Xu Yang <xu.yang_2@xxxxxxx>
    Acked-by: Peter Chen <peter.chen@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240923081203.2851768-2-xu.yang_2@xxxxxxx
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/usb/chipidea/ci.h b/drivers/usb/chipidea/ci.h
index e4b003d060c2..97437de52ef6 100644
--- a/drivers/usb/chipidea/ci.h
+++ b/drivers/usb/chipidea/ci.h
@@ -25,6 +25,7 @@
 #define TD_PAGE_COUNT      5
 #define CI_HDRC_PAGE_SIZE  4096ul /* page size for TD's */
 #define ENDPT_MAX          32
+#define CI_MAX_REQ_SIZE	(4 * CI_HDRC_PAGE_SIZE)
 #define CI_MAX_BUF_SIZE	(TD_PAGE_COUNT * CI_HDRC_PAGE_SIZE)
 
 /******************************************************************************
diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
index 9f7d003e467b..f2ae5f4c5828 100644
--- a/drivers/usb/chipidea/udc.c
+++ b/drivers/usb/chipidea/udc.c
@@ -959,6 +959,12 @@ static int _ep_queue(struct usb_ep *ep, struct usb_request *req,
 		return -EMSGSIZE;
 	}
 
+	if (ci->has_short_pkt_limit &&
+		hwreq->req.length > CI_MAX_REQ_SIZE) {
+		dev_err(hwep->ci->dev, "request length too big (max 16KB)\n");
+		return -EMSGSIZE;
+	}
+
 	/* first nuke then test link, e.g. previous status has not sent */
 	if (!list_empty(&hwreq->queue)) {
 		dev_err(hwep->ci->dev, "request already in queue\n");







