On Sun, 10 Apr 2011, Gabor Juhos wrote:
> A Synopsys USB core used in various SoCs has a bug which might cause
> the host controller to not issue a ping.
>
> When software uses the Doorbell mechanism to remove queue heads, the
> host controller still has references to the removed queue head even
> after indicating an Interrupt on Async Advance. This happens if the last
> executed queue head's Next Link queue head is removed.
>
> Consequences of the defect:
> The Host controller fetches the removed queue head, using memory that
> would otherwise be deallocated. This results in incorrect transactions on
> both the USB and system memory. This may result in undefined behavior.
> --- a/drivers/usb/host/ehci-q.c
> +++ b/drivers/usb/host/ehci-q.c
> @@ -1183,6 +1183,9 @@ static void end_unlink_async (struct ehci_hcd *ehci)
> ehci->reclaim = NULL;
> start_unlink_async (ehci, next);
> }
> +
> + if (ehci->has_synopsys_hc_bug)
> + writel((u32)ehci->async->qh_dma, &ehci->regs->async_next);
> }
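Review bot: The new write to async_next at the end of end_unlink_async() carries no comment, so the code alone does not say why the register is re-pointed at ehci->async->qh_dma or that this is the workaround for the stale queue-head reference described in the changelog. A short comment above the `if (ehci->has_synopsys_hc_bug)` test, stating that the controller may still hold a link to the just-removed QH after the Interrupt on Async Advance and that the write forces it back to the list head, would keep the reason next to the code.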
This should be ehci_writel(ehci, ...).
Alan Stern