aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlan Stern <stern@rowland.harvard.edu>2011-03-16 10:57:15 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2011-03-23 16:14:17 -0400
commitb5a3b3d985493c173925907adfebf3edab236fe7 (patch)
tree419b41113805d9c2d54aa787e557e5efdabe7a4e
parent9d02b42614149ebccf12c9c580601ed01bd83070 (diff)
ehci-hcd: Bug fix: don't set a QH's Halt bit
This patch (as1453) fixes a long-standing bug in the ehci-hcd driver. There is no need to set the Halt bit in the overlay region for an unlinked or blocked QH. Contrary to what the comment says, setting the Halt bit does not cause the QH to be patched later; that decision (made in qh_refresh()) depends only on whether the QH is currently pointing to a valid qTD. Likewise, setting the Halt bit does not prevent completions from activating the QH while it is "stopped"; they are prevented by the fact that qh_completions() temporarily changes qh->qh_state to QH_STATE_COMPLETING. On the other hand, there are circumstances in which the QH will be reactivated _without_ being patched; this happens after an URB beyond the head of the queue is unlinked. Setting the Halt bit will then cause the hardware to see the QH with both the Active and Halt bits set, an invalid combination that will prevent the queue from advancing and may even crash some controllers. Apparently the only reason this hasn't been reported before is that unlinking URBs from the middle of a running queue is quite uncommon. However Test 17, recently added to the usbtest driver, does exactly this, and it confirms the presence of the bug. In short, there is no reason to set the Halt bit for an unlinked or blocked QH, and there is a very good reason not to set it. Therefore the code that sets it is removed. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Andiry Xu <andiry.xu@amd.com> CC: David Brownell <david-b@pacbell.net> CC: <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--drivers/usb/host/ehci-q.c12
1 files changed, 0 insertions, 12 deletions
diff --git a/drivers/usb/host/ehci-q.c b/drivers/usb/host/ehci-q.c
index fe99895fb09..98ded66e8d3 100644
--- a/drivers/usb/host/ehci-q.c
+++ b/drivers/usb/host/ehci-q.c
@@ -315,7 +315,6 @@ qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh)
315 int stopped; 315 int stopped;
316 unsigned count = 0; 316 unsigned count = 0;
317 u8 state; 317 u8 state;
318 const __le32 halt = HALT_BIT(ehci);
319 struct ehci_qh_hw *hw = qh->hw; 318 struct ehci_qh_hw *hw = qh->hw;
320 319
321 if (unlikely (list_empty (&qh->qtd_list))) 320 if (unlikely (list_empty (&qh->qtd_list)))
@@ -422,7 +421,6 @@ qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh)
422 && !(qtd->hw_alt_next 421 && !(qtd->hw_alt_next
423 & EHCI_LIST_END(ehci))) { 422 & EHCI_LIST_END(ehci))) {
424 stopped = 1; 423 stopped = 1;
425 goto halt;
426 } 424 }
427 425
428 /* stop scanning when we reach qtds the hc is using */ 426 /* stop scanning when we reach qtds the hc is using */
@@ -456,16 +454,6 @@ qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh)
456 */ 454 */
457 ehci_clear_tt_buffer(ehci, qh, urb, token); 455 ehci_clear_tt_buffer(ehci, qh, urb, token);
458 } 456 }
459
460 /* force halt for unlinked or blocked qh, so we'll
461 * patch the qh later and so that completions can't
462 * activate it while we "know" it's stopped.
463 */
464 if ((halt & hw->hw_token) == 0) {
465halt:
466 hw->hw_token |= halt;
467 wmb ();
468 }
469 } 457 }
470 458
471 /* unless we already know the urb's status, collect qtd status 459 /* unless we already know the urb's status, collect qtd status