Re: [PATCH] usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup

From: Felipe Balbi
Date: Thu Jan 10 2019 - 03:02:58 EST



Hi,

Jack Pham <jackp@xxxxxxxxxxxxxx> writes:

> OUT endpoint requests may somtimes have this flag set when
> preparing to be submitted to HW indicating that there is an
> additional TRB chained to the request for alignment purposes.
> If that request is removed before the controller can execute the
> transfer (e.g. ep_dequeue/ep_disable), the request will not go
> through the dwc3_gadget_ep_cleanup_completed_request() handler
> and will not have its needs_extra_trb flag cleared when
> dwc3_gadget_giveback() is called. This same request could be
> later requeued for a new transfer that does not require an
> extra TRB and if it is successfully completed, the cleanup
> and TRB reclamation will incorrectly process the additional TRB
> which belongs to the next request, and incorrectly advances the
> TRB dequeue pointer, thereby messing up calculation of the next
> requeust's actual/remaining count when it completes.
>
> The right thing to do here is to ensure that the flag is cleared
> before it is given back to the function driver. A good place
> to do that is in dwc3_gadget_del_and_unmap_request().
>
> Signed-off-by: Jack Pham <jackp@xxxxxxxxxxxxxx>
> ---
> Hi Felipe,
>
> There's probably zero chance this is making it to 4.20, so if you take
> this after 4.21-rc1 so be it. But should this be Cc: stable? If so it
> needs to be sent separately for <= 4.19 as needs_extra_trb was previously
> req->unaligned and req->zero.

we need a Cc stable, indeed. And a Fixes tag.

--
balbi