2022-04-29 21:27:42

by Mayank Rana

Subject: [PATCH RESEND] xhci: Use xhci_get_virt_ep() to validate ep_index

The ring_doorbell_for_active_rings() API is being called from
multiple contexts. This specific API tries to get the virt_dev
based endpoint using the passed slot_id and ep_index. Some caller
APIs check slot_id and ep_index using the
xhci_get_virt_ep() API, whereas the xhci_handle_cmd_config_ep() API
only checks ep_index against the -1 value but not the upper bound, i.e.
EP_CTX_PER_DEV. Hence use the xhci_get_virt_ep() API to get the virt_dev
based endpoint, which checks both slot_id and ep_index to get a
valid endpoint.

Signed-off-by: Mayank Rana <[email protected]>
---
drivers/usb/host/xhci-ring.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index d0b6806..3bab4f3 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -62,6 +62,9 @@ static int queue_command(struct xhci_hcd *xhci, struct xhci_command *cmd,
u32 field1, u32 field2,
u32 field3, u32 field4, bool command_must_succeed);

+static struct xhci_virt_ep *xhci_get_virt_ep(struct xhci_hcd *xhci,
+ unsigned int slot_id, unsigned int ep_index);
+
/*
* Returns zero if the TRB isn't in this segment, otherwise it returns the DMA
* address of the TRB.
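
Review bot: The static forward declaration of xhci_get_virt_ep() added above the "Returns zero if the TRB isn't in this segment" comment could be avoided by moving the function's definition above ring_doorbell_for_active_rings(). A prototype here means the definition sits later in the file than its new caller, and the signature then exists in two places that have to be kept in sync.
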
@@ -457,7 +460,9 @@ static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
unsigned int stream_id;
struct xhci_virt_ep *ep;

- ep = &xhci->devs[slot_id]->eps[ep_index];
+ ep = xhci_get_virt_ep(xhci, slot_id, ep_index);
+ if (!ep)
+ return;

/* A ring has pending URBs if its TD list is not empty */
if (!(ep->ep_state & EP_HAS_STREAMS)) {
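
Review bot: The NULL check sits in ring_doorbell_for_active_rings(), but the commit message names xhci_handle_cmd_config_ep() as the caller that lacks the upper-bound check, and this hunk leaves that caller untouched. If that caller uses the endpoint before calling here, the validation arrives too late; consider doing the xhci_get_virt_ep() lookup there. Separately, the bare "return;" in this void function silently skips the doorbell, so a short comment stating why skipping is safe would help.
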
--
2.7.4


2022-04-30 01:50:59

by Greg Kroah-Hartman

Subject: Re: [PATCH RESEND] xhci: Use xhci_get_virt_ep() to validate ep_index

On Fri, Apr 29, 2022 at 12:49:59PM +0300, Mathias Nyman wrote:
> On 28.4.2022 22.04, Mayank Rana wrote:
> > The ring_doorbell_for_active_rings() API is being called from
> > multiple contexts. This specific API tries to get the virt_dev
> > based endpoint using the passed slot_id and ep_index. Some caller
> > APIs check slot_id and ep_index using the
> > xhci_get_virt_ep() API, whereas the xhci_handle_cmd_config_ep() API
> > only checks ep_index against the -1 value but not the upper bound, i.e.
> > EP_CTX_PER_DEV. Hence use the xhci_get_virt_ep() API to get the virt_dev
> > based endpoint, which checks both slot_id and ep_index to get a
> > valid endpoint.
>
> ep_index upper bound is known to be in range as EP_CTX_PER_DEV is 31,
> and ep_index = fls(u32 value) - 1 - 1;
>
> We can change to use xhci_get_virt_ep(), but this would be more useful
> earlier in xhci_handle_cmd_config_ep() where we touch the ep before
> calling ring_doorbell_for_active_rings()
>
> Also note that this codepath is only used for some prototype
> xHC controller that probably never made it to the market about 10 years ago.

Can we just delete the codepath entirely then?

thanks,

greg k-h

2022-05-02 15:01:43

by Mathias Nyman

Subject: Re: [PATCH RESEND] xhci: Use xhci_get_virt_ep() to validate ep_index

On 28.4.2022 22.04, Mayank Rana wrote:
> The ring_doorbell_for_active_rings() API is being called from
> multiple contexts. This specific API tries to get the virt_dev
> based endpoint using the passed slot_id and ep_index. Some caller
> APIs check slot_id and ep_index using the
> xhci_get_virt_ep() API, whereas the xhci_handle_cmd_config_ep() API
> only checks ep_index against the -1 value but not the upper bound, i.e.
> EP_CTX_PER_DEV. Hence use the xhci_get_virt_ep() API to get the virt_dev
> based endpoint, which checks both slot_id and ep_index to get a
> valid endpoint.

ep_index upper bound is known to be in range as EP_CTX_PER_DEV is 31,
and ep_index = fls(u32 value) - 1 - 1;

We can change to use xhci_get_virt_ep(), but this would be more useful
earlier in xhci_handle_cmd_config_ep() where we touch the ep before
calling ring_doorbell_for_active_rings()

Also note that this codepath is only used for some prototype
xHC controller that probably never made it to the market about 10 years ago.

Thanks
Mathias
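
The range argument in the reply above, as an added example that is not part of the thread or the kernel source: it models ep_index = fls(u32 value) - 1 - 1 and a bounds-checked endpoint lookup. model_fls(), the struct layouts, MAX_SLOTS and get_virt_ep_checked() are assumptions made for this example; only EP_CTX_PER_DEV = 31 and the ep_index formula come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#define EP_CTX_PER_DEV 31 /* value quoted in the thread */
#define MAX_SLOTS 4       /* assumption: small slot table for this model */

struct virt_ep { unsigned int ep_state; };
struct virt_dev { struct virt_ep eps[EP_CTX_PER_DEV]; };
struct hcd { struct virt_dev *devs[MAX_SLOTS]; };

/* Stand-in for the kernel's fls(): 1-based position of the highest set bit, 0 for 0. */
static int model_fls(uint32_t v)
{
    int n = 0;
    for (; v; v >>= 1)
        n++;
    return n;
}

/* ep_index as stated in the thread: fls(u32 value) - 1 - 1, held in an unsigned int. */
static unsigned int ep_index_from_flags(uint32_t flags)
{
    return (unsigned int)(model_fls(flags) - 1 - 1);
}

/* Largest ep_index for any value with bit 1 or higher set (fls depends only on the top bit). */
static unsigned int max_ep_index(void)
{
    unsigned int max = 0;
    for (int bit = 1; bit < 32; bit++)
        if (ep_index_from_flags(UINT32_C(1) << bit) > max)
            max = ep_index_from_flags(UINT32_C(1) << bit);
    return max;
}

/* Hypothetical checked lookup: NULL unless both slot and ep are in range. */
static struct virt_ep *get_virt_ep_checked(struct hcd *h, unsigned int slot, unsigned int ep)
{
    if (slot >= MAX_SLOTS || ep >= EP_CTX_PER_DEV || !h->devs[slot])
        return NULL;
    return &h->devs[slot]->eps[ep];
}

int main(void)
{
    static struct virt_dev dev; /* constructed sample device in slot 1 */
    struct hcd h = { .devs = { NULL, &dev } };
    printf("max ep_index %u, index 31 accepted: %d\n", max_ep_index(),
           get_virt_ep_checked(&h, 1, 31) != NULL);
    return 0;
}
```

In this model the inputs 0 and 1 wrap to large unsigned values, which the checked lookup rejects along with any index of 31 or above.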