www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Pavankumar Kondeti <pkondeti@codeaurora.org>
	Fri, 7 Sep 2012 05:53:28 +0000 (11:23 +0530)
committer	Guangyu Sun <guangyu.sun@oracle.com>
	Mon, 8 Oct 2012 17:00:15 +0000 (10:00 -0700)
commit	769dd2ec5786c87b58e690ca262317e19091081d
tree	49fe0dbea146f092797e9a4b9e632ced0763a01f	tree
parent	50005078ddc88a09abd6fe6611d5a5272fddc713	commit \| diff

EHCI: Update qTD next pointer in QH overlay region during unlink

commit 3d037774b42ed677f699b1dce7d548d55f4e4c2b upstream.

There is a possibility of QH overlay region having reference to a stale
qTD pointer during unlink.

Consider an endpoint having two pending qTD before unlink process begins.
The endpoint's QH queue looks like this.

qTD1 --> qTD2 --> Dummy

To unlink qTD2, QH is removed from asynchronous list and Asynchronous
Advance Doorbell is programmed.  The qTD1's next qTD pointer is set to
qTD2'2 next qTD pointer and qTD2 is retired upon controller's doorbell
interrupt.  If QH's current qTD pointer points to qTD1, transfer overlay
region still have reference to qTD2. But qtD2 is just unlinked and freed.
This may cause EHCI system error.  Fix this by updating qTD next pointer
in QH overlay region with the qTD next pointer of the current qTD.

Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Guangyu Sun <guangyu.sun@oracle.com>