Commit 158886cd authored by Andiry Xu's avatar Andiry Xu Committed by Sarah Sharp

xHCI: fix bug in xhci_clear_command_ring()

When system enters suspend, xHCI driver clears command ring by writing zero
to all the TRBs. However, this also writes zero to the Link TRB, and the ring
is mangled. This may cause driver accesses wrong memory address and the
result is unpredicted.

When clear the command ring, keep the last Link TRB intact, only clear its
cycle bit. This should fix the "command ring full" issue reported by Oliver
Neukum.

This should be backported to stable kernels as old as 2.6.37, since the
commit 89821320 "xhci: Fix command ring replay after resume" is merged.
Signed-off-by: default avatarAndiry Xu <andiry.xu@amd.com>
Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
Reported-by: default avatarOliver Neukum <oneukum@suse.de>
parent 6414e94c
...@@ -711,7 +711,10 @@ static void xhci_clear_command_ring(struct xhci_hcd *xhci) ...@@ -711,7 +711,10 @@ static void xhci_clear_command_ring(struct xhci_hcd *xhci)
ring = xhci->cmd_ring; ring = xhci->cmd_ring;
seg = ring->deq_seg; seg = ring->deq_seg;
do { do {
memset(seg->trbs, 0, SEGMENT_SIZE); memset(seg->trbs, 0,
sizeof(union xhci_trb) * (TRBS_PER_SEGMENT - 1));
seg->trbs[TRBS_PER_SEGMENT - 1].link.control &=
cpu_to_le32(~TRB_CYCLE);
seg = seg->next; seg = seg->next;
} while (seg != ring->deq_seg); } while (seg != ring->deq_seg);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment