It is not safe to truncate requests to the maximum possible size the controller can handle with one td and to keep working. That patch fixes that with proper error handling instead. Cc: stable <stable@xxxxxxxxxxxxxxx> Signed-off-by: Michael Grzeschik <m.grzeschik@xxxxxxxxxxxxxx> --- drivers/usb/chipidea/udc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index d4db3ac..e7c84ab 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -1207,9 +1207,9 @@ static int ep_queue(struct usb_ep *ep, struct usb_request *req, } if (req->length > 4 * CI13XXX_PAGE_SIZE) { - req->length = 4 * CI13XXX_PAGE_SIZE; retval = -EMSGSIZE; - dev_warn(mEp->ci->dev, "request length truncated\n"); + dev_err(mEp->ci->dev, "request bigger than one td\n"); + goto done; } dbg_queue(_usb_addr(mEp), req, retval); -- 1.8.2.rc2 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html