提交 7a0f0d95 编写于 作者: A Alan Stern 提交者: Greg Kroah-Hartman

USB: EHCI: fix two new bugs related to Clear-TT-Buffer

This patch (as1273) fixes two(!) bugs introduced by the new
Clear-TT-Buffer implementation in ehci-hcd.

	It is now possible for an idle QH to have some URBs on its
	queue -- this will happen if a Clear-TT-Buffer is pending for
	the QH's endpoint.  Consequently we should not issue a warning
	when someone tries to unlink an URB from an idle QH; instead
	we should process the request immediately.

	The refcounts for QHs could get messed up, because
	submit_async() would increment the refcount when calling
	qh_link_async() and qh_link_async() would then refuse to link
	the QH into the schedule if a Clear-TT-Buffer was pending.
	Instead we should increment the refcount only when the QH
	actually is added to the schedule.  The current code tries to
	be clever by leaving the refcount alone if an unlink is
	immediately followed by a relink; the patch changes this to an
	unconditional decrement and increment (although they occur in
	the opposite order).
Signed-off-by: NAlan Stern <stern@rowland.harvard.edu>
CC: David Brownell <david-b@pacbell.net>
Tested-by: NManuel Lauss <manuel.lauss@gmail.com>
Tested-by: NMatthijs Kooijman <matthijs@stdin.nl>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

上级 01105a24
...@@ -903,7 +903,8 @@ static int ehci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) ...@@ -903,7 +903,8 @@ static int ehci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
/* already started */ /* already started */
break; break;
case QH_STATE_IDLE: case QH_STATE_IDLE:
WARN_ON(1); /* QH might be waiting for a Clear-TT-Buffer */
qh_completions(ehci, qh);
break; break;
} }
break; break;
......
...@@ -940,6 +940,7 @@ static void qh_link_async (struct ehci_hcd *ehci, struct ehci_qh *qh) ...@@ -940,6 +940,7 @@ static void qh_link_async (struct ehci_hcd *ehci, struct ehci_qh *qh)
head->qh_next.qh = qh; head->qh_next.qh = qh;
head->hw_next = dma; head->hw_next = dma;
qh_get(qh);
qh->xacterrs = QH_XACTERR_MAX; qh->xacterrs = QH_XACTERR_MAX;
qh->qh_state = QH_STATE_LINKED; qh->qh_state = QH_STATE_LINKED;
/* qtd completions reported later by interrupt */ /* qtd completions reported later by interrupt */
...@@ -1080,7 +1081,7 @@ submit_async ( ...@@ -1080,7 +1081,7 @@ submit_async (
* the HC and TT handle it when the TT has a buffer ready. * the HC and TT handle it when the TT has a buffer ready.
*/ */
if (likely (qh->qh_state == QH_STATE_IDLE)) if (likely (qh->qh_state == QH_STATE_IDLE))
qh_link_async (ehci, qh_get (qh)); qh_link_async(ehci, qh);
done: done:
spin_unlock_irqrestore (&ehci->lock, flags); spin_unlock_irqrestore (&ehci->lock, flags);
if (unlikely (qh == NULL)) if (unlikely (qh == NULL))
...@@ -1115,8 +1116,6 @@ static void end_unlink_async (struct ehci_hcd *ehci) ...@@ -1115,8 +1116,6 @@ static void end_unlink_async (struct ehci_hcd *ehci)
&& HC_IS_RUNNING (ehci_to_hcd(ehci)->state)) && HC_IS_RUNNING (ehci_to_hcd(ehci)->state))
qh_link_async (ehci, qh); qh_link_async (ehci, qh);
else { else {
qh_put (qh); // refcount from async list
/* it's not free to turn the async schedule on/off; leave it /* it's not free to turn the async schedule on/off; leave it
* active but idle for a while once it empties. * active but idle for a while once it empties.
*/ */
...@@ -1124,6 +1123,7 @@ static void end_unlink_async (struct ehci_hcd *ehci) ...@@ -1124,6 +1123,7 @@ static void end_unlink_async (struct ehci_hcd *ehci)
&& ehci->async->qh_next.qh == NULL) && ehci->async->qh_next.qh == NULL)
timer_action (ehci, TIMER_ASYNC_OFF); timer_action (ehci, TIMER_ASYNC_OFF);
} }
qh_put(qh); /* refcount from async list */
if (next) { if (next) {
ehci->reclaim = NULL; ehci->reclaim = NULL;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册