the issue is not seen on 4.9, I check the commit cf3113d8 is first introduced in kernel 4.11-rc2.
commit cf3113d893d4427b166ec8695460efa7aa660923
Author: Felipe Balbi <felipe.balbi@xxxxxxxxxxxxxxx>
Date: Fri Feb 17 11:12:44 2017 +0200
usb: dwc3: gadget: properly increment dequeue pointer on ep_dequeue
If request was already started, this means we had to
stop the transfer. With that we also need to ignore
all TRBs used by the request, however TRBs can only
be modified after completion of END_TRANSFER
command. So what we have to do here is wait for
END_TRANSFER completion and only after that jump
over TRBs by clearing HWO and incrementing dequeue
pointer.
Note that we have 2 possible types of transfers
here:
i) Linear buffer request
ii) SG-list based request
SG-list based requests will have r->num_pending_sgs
set to a valid number (> 0). Linear requests,
normally use a single TRB.
For each of these two cases, if r->unaligned flag is
set, one extra TRB has been used to align transfer
size to wMaxPacketSize.
All of these cases need to be taken into
consideration so we don't mess up our TRB ring
pointers.
Tested-by: Janusz Dziedzic <januszx.dziedzic@xxxxxxxxx>
Signed-off-by: Felipe Balbi <felipe.balbi@xxxxxxxxxxxxxxx>
-----Original Message-----
From: Felipe Balbi <felipe.balbi@xxxxxxxxxxxxxxx>
Sent: Wednesday, January 23, 2019 2:32 PM
To: Evan Green <evgreen@xxxxxxxxxx>; stable@xxxxxxxxxxxxxxx
Cc: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>; Sam Protsenko <semen.protsenko@xxxxxxxxxx>; He, Bo <bo.he@xxxxxxxxx>; Doug Anderson <dianders@xxxxxxxxxxxx>; Stephen Boyd <swboyd@xxxxxxxxxxxx>; Matthias Kaehlcke <mka@xxxxxxxxxxxx>
Subject: Re: Backporting dwc3 gadget fixes
Hi Evan,
Evan Green <evgreen@xxxxxxxxxx> writes:
> Hello stablers,
>
> With the following revert being backported to stable:
> a9c859033f6ec Revert "usb: gadget: ffs: Fix BUG when userland exits
> with submitted AIO transfers"
>
> The original bug it fixed is back. I wonder if we should be
Is it so that the original bug only happens with dwc3? If so, then we should definitely backport the series below.
> backporting the series that seems to quietly fix that issue:
> fec9095bdef4e usb: dwc3: gadget: remove wait_end_transfer
> d4f1afe5e896c usb: dwc3: gadget: move requests to cancelled_list
> d5443bbf5fc8f usb: dwc3: gadget: introduce cancelled_list
> 7746a8dfb3f9c usb: dwc3: gadget: extract dwc3_gadget_ep_skip_trbs()
> c3acd59014148 usb: dwc3: gadget: use num_trbs when skipping TRBs on
> ->dequeue()
> 09fe1f8d7e2f4 usb: dwc3: gadget: track number of TRBs per request
> 1a22ec6435806 usb: dwc3: gadget: combine unaligned and zero flags
>
> (Patch 1/8 of the original series was already backported). I know we
> saw this with 4.19, I'm not sure which other versions it would go
> into.
We could ask Greg to backport at least for v4.14. I'm not sure this applies to v4.9.
--
balbi
