mirror of
https://github.com/torvalds/linux
synced 2024-10-08 04:12:40 +00:00
f5af638f06
The amount of new TRBs needed is calculated incorrectly when expanding a transfer ring. The room_on_ring() helper will correctly report that the ring needs expansion if the enqueue pointer is about to reach the dequeue segment. If enqueue reaches the dequeue segment then there is no easy way to expand the ring by adding new segments between enqueue and dequeue. This leads to ring expansion even if num_trbs_free is larger than num_trbs we are queueing. As a result we try to store a negative number in a unsigned int, leading to a huge percieved trb need, and doubling of ring size. Rework and rename the room_on_ring() to a helper that checks if ring needs expansion, and return number of new segments needed. Don't rely on the tracked ring->num_trbs_free value as turns out it has been unreliable. Use ring enqueue and dequeue positions to determine expansion need. The unsigned int issue was first reported first Chao zeng, and a bit later seen in a real world bug. Reported-by: chao zeng <chao.zengup@gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217242 Tested-by: Miller Hunter <MillerH@hearthnhome.com> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Message-ID: <20230602144009.1225632-7-mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| atm | ||
| c67x00 | ||
| cdns3 | ||
| chipidea | ||
| class | ||
| common | ||
| core | ||
| dwc2 | ||
| dwc3 | ||
| early | ||
| fotg210 | ||
| gadget | ||
| host | ||
| image | ||
| isp1760 | ||
| misc | ||
| mon | ||
| mtu3 | ||
| musb | ||
| phy | ||
| renesas_usbhs | ||
| roles | ||
| serial | ||
| storage | ||
| typec | ||
| usbip | ||
| Kconfig | ||
| Makefile | ||
| usb-skeleton.c | ||