1 From 55a8f65623880e02c9bc7ad6237513e0ef5f371b Mon Sep 17 00:00:00 2001
2 From: Jonathan Bell <jonathan@raspberrypi.com>
3 Date: Wed, 11 Aug 2021 15:33:57 +0100
4 Subject: [PATCH] usb: xhci: workaround for bogus SET_DEQ_PENDING
7 See https://github.com/raspberrypi/linux/issues/3981
9 An unknown unsafe memory access can result in the ep_state variable
10 in xhci_virt_ep being trampled with a stuck SET_DEQ_PENDING state
11 despite successful completion of a Set TR Deq Pointer command.
13 All URB enqueue/dequeue calls for the endpoint will fail in this state
14 so no transfers are possible until the device is reconnected.
16 As a workaround, clear the flag if we see it set and issue a new Set
17 TR Deq command anyway - this should be harmless, as a prior Set TR Deq
18 command will only have been issued in the Stopped state, and if the
19 endpoint is Running then the controller is required to ignore it and
20 respond with a Context State Error event TRB.
22 Signed-off-by: Jonathan Bell <jonathan@raspberrypi.com>
24 drivers/usb/host/xhci-ring.c | 6 +++---
25 1 file changed, 3 insertions(+), 3 deletions(-)
27 --- a/drivers/usb/host/xhci-ring.c
28 +++ b/drivers/usb/host/xhci-ring.c
29 @@ -675,9 +675,9 @@ deq_found:
32 if ((ep->ep_state & SET_DEQ_PENDING)) {
33 - xhci_warn(xhci, "Set TR Deq already pending, don't submit for 0x%pad\n",
36 + xhci_warn(xhci, "WARN A Set TR Deq Ptr command is pending for slot %u ep %u\n",
38 + ep->ep_state &= ~SET_DEQ_PENDING;
41 /* This function gets called from contexts where it cannot sleep */