Re: [RFC PATCH] usb: xhci-mtk: handle bandwidth table rollover

From: Chunfeng Yun (云春峰)
Date: Wed Aug 11 2021 - 05:02:46 EST


On Mon, 2021-08-09 at 17:42 +0800, Ikjoon Jang wrote:
> On Mon, Aug 9, 2021 at 5:11 PM Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > On Mon, Aug 09, 2021 at 04:59:29PM +0800, Ikjoon Jang wrote:
> > > xhci-mtk has 64 slots for periodic bandwidth calculations and
> > > each
> > > slot represents byte budgets on a microframe. When an endpoint's
> > > allocation sits on the boundary of the table, byte budgets' slot
> > > should be rolled over but the current implementation doesn't.
> > >
> > > This patch applies a 6 bits mask to the microframe index to
> > > handle
> > > its rollover 64 slots and prevent out-of-bounds array access.
> > >
> > > Signed-off-by: Ikjoon Jang <ikjn@xxxxxxxxxxxx>
> > > ---
> > >
> > > drivers/usb/host/xhci-mtk-sch.c | 79 +++++++++----------------
> > > --------
> > > drivers/usb/host/xhci-mtk.h | 1 +
> > > 2 files changed, 23 insertions(+), 57 deletions(-)
> >
> > Why is this "RFC"? What needs to be addressed in this change
> > before it
> > can be accepted?
>
> sorry, I had to mention why this is RFC:
>
> I simply don't know about the details of the xhci-mtk internals.
> It was okay from my tests with mt8173 and I think this will be
> harmless
> as this is "better than before".
>
> But when I removed get_esit_boundary(), I really have no idea why
> it was there. I'm wondering if there was another reason of that
> function
> other than just preventing out-of-bounds. Maybe chunfeng can answer
> this?
We use @esit to prevent out-of-bounds array access. it's not a ring,
can't insert out-of-bounds value into head slot.

>
> Thanks!
>
> >
> > thanks,
> >
> > greg k-h