mirror of
https://github.com/torvalds/linux.git
synced 2024-11-28 23:21:31 +00:00
ef5e2fa9f6
In the function scan_dma_completions() there is a reusage of tmp variable. That coused a wrong value being used in some case when reading a short packet terminated transaction from an endpoint, in 2 concecutive reads. This was my logic for the patch: The req->td->dmadesc equals to 0 iff: -- There was a transaction ending with a short packet, and -- The read() to read it was shorter than the transaction length, and -- The read() to complete it is longer than the residue. I believe this is true from the printouts of various cases, but I can't be positive it is correct. Entering this if, there should be no more data in the endpoint (a short packet terminated the transaction). If there is, the transaction wasn't really done and we should exit and wait for it to finish entirely. That is the inner if. That inner if should never happen, but it is there to be on the safe side. That is why it is marked with the comment /* paranoia */. The size of the data available in the endpoint is ep->dma->dmacount and it is read to tmp. This entire clause is based on my own educated guesses. If we passed that inner if without breaking in the original code, than tmp & DMA_BYTE_MASK_COUNT== 0. That means we will always pass dma bytes count of 0 to dma_done(), meaning all the requested bytes were read. dma_done() reports back to the upper layer that the request (read()) was done and how many bytes were read. In the original code that would always be the request size, regardless of the actual size of the data. That did not make sense to me at all. However, the original value of tmp is req->td->dmacount, which is the dmacount value when the request's dma transaction was finished. And that is a much more reasonable value to report back to the caller. To recreate the problem: Read from a bulk out endpoint in a loop, 1024 * n bytes in each iteration. Connect the PLX to a host you can control. Send to that endpoint 1024 * n + x bytes, such that 0 < x < 1024 * n and (x % 1024) != 0 You would expect the first read() to return 1024 * n and the second read() to return x. But you will get the first read to return 1024 * n and the second one to return 1024 * n. That is true for every positive integer n. Cc: Felipe Balbi <balbi@kernel.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: linux-usb@vger.kernel.org Signed-off-by: Raz Manor <Raz.Manor@valens.com> Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com> |
||
|---|---|---|
| .. | ||
| atm | ||
| c67x00 | ||
| chipidea | ||
| class | ||
| common | ||
| core | ||
| dwc2 | ||
| dwc3 | ||
| early | ||
| gadget | ||
| host | ||
| image | ||
| isp1760 | ||
| misc | ||
| mon | ||
| mtu3 | ||
| musb | ||
| phy | ||
| renesas_usbhs | ||
| serial | ||
| storage | ||
| usbip | ||
| wusbcore | ||
| Kconfig | ||
| Makefile | ||
| README | ||
| usb-skeleton.c | ||
To understand all the Linux-USB framework, you'll use these resources:
* This source code. This is necessarily an evolving work, and
includes kerneldoc that should help you get a current overview.
("make pdfdocs", and then look at "usb.pdf" for host side and
"gadget.pdf" for peripheral side.) Also, Documentation/usb has
more information.
* The USB 2.0 specification (from www.usb.org), with supplements
such as those for USB OTG and the various device classes.
The USB specification has a good overview chapter, and USB
peripherals conform to the widely known "Chapter 9".
* Chip specifications for USB controllers. Examples include
host controllers (on PCs, servers, and more); peripheral
controllers (in devices with Linux firmware, like printers or
cell phones); and hard-wired peripherals like Ethernet adapters.
* Specifications for other protocols implemented by USB peripheral
functions. Some are vendor-specific; others are vendor-neutral
but just standardized outside of the www.usb.org team.
Here is a list of what each subdirectory here is, and what is contained in
them.
core/ - This is for the core USB host code, including the
usbfs files and the hub class driver ("hub_wq").
host/ - This is for USB host controller drivers. This
includes UHCI, OHCI, EHCI, and others that might
be used with more specialized "embedded" systems.
gadget/ - This is for USB peripheral controller drivers and
the various gadget drivers which talk to them.
Individual USB driver directories. A new driver should be added to the
first subdirectory in the list below that it fits into.
image/ - This is for still image drivers, like scanners or
digital cameras.
../input/ - This is for any driver that uses the input subsystem,
like keyboard, mice, touchscreens, tablets, etc.
../media/ - This is for multimedia drivers, like video cameras,
radios, and any other drivers that talk to the v4l
subsystem.
../net/ - This is for network drivers.
serial/ - This is for USB to serial drivers.
storage/ - This is for USB mass-storage drivers.
class/ - This is for all USB device drivers that do not fit
into any of the above categories, and work for a range
of USB Class specified devices.
misc/ - This is for all USB device drivers that do not fit
into any of the above categories.