From: "yinbo.zhu" <yinbo.zhu@xxxxxxx>
When a transaction error (defined in Section 184.108.40.206, "USB
Transaction Error" of the xHCI Specification) occurs on the
USB, the host controller reports this through a transfer
event with the completion code "USB Transaction Error". When
this happens, the endpoint is placed in the Halted state.
In response, software must issue a Reset Endpoint command to
transition the endpoint to the Stopped state. In order to
restart the transfer, the driver can perform either of the
â Ring the doorbell again, which restarts the transfer from
where it stopped, or
â Issue a Set TR (Transfer Ring) Dequeue Pointer command for
the endpoint to start the transfer from a different
Transfer Ring pointer Consider the following scenario:
1. The xHCI driver prepares a control transfer read to one
of the device's control endpoints;
2. During the IN data stage, a transaction error occurs on
the USB, causing a transfer event with the completion
code "USB Transaction Error";
3. The driver issues a Reset Endpoint command;
4. The driver rings the doorbell of the control endpoint to
resume the transfer. In this scenario, the controller
may reverse the direction of the data stage from IN to OUT.
Instead of sending an ACK to the endpoint to poll for read
data, it sends a Data Packet (DP) to the endpoint. It
fetches the data from the data stage Transfer Request Block
(TRB) that is being resumed, even though the data buffer is
setup to receive data and not transmit it.
This issue occurs only if the transaction error happens during
an IN data stage. There is no issue if the transaction error
happens during an OUT data stage.
Impact: When this issue occurs, the device likely responds in
one of the following ways:
â The device responds with a STALL because the data stage has
unexpectedly changed directions. The controller then generates
a Stall Error transfer event, to which software must issue a
Reset Endpoint command followed by a Set TR Dequeue Pointer
command pointing to a new Setup TRB to clear the STALL condition.
â The device does not respond to the inverted data stage and the
transaction times out. The controller generates another USB
Transaction Error transfer event, to which software likely
performs a USB Reset to the device because it is unresponsive.
It is not expected that any of these recovery steps will cause
instability in the system because this recovery is part of a
standard xHCI driver and could happen regardless of the defect.
Another possible system-level impact is that the controller
attempts to read from the memory location pointed at by the Data
Stage TRB or a Normal TRB chained to it. associated with this
TRB is intended to be written by the controller, but the
controller reads from it instead. Normally, this does not cause
a problem. However, if the system has some type of memory
protection where this unexpected read is treated as a bus error,
it may cause the system to become unstable or to crash.
Workaround: If a USB Transaction Error occurs during the IN
data phase of a control transfer, the driver must use the
Set TR Dequeue Pointer command to either restart the data
phase or restart the entire control transfer from the