tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

USB: xhci: Handle babbling endpoints correctly.

The 0.95 xHCI spec says that non-control endpoints will be halted if a
babble is detected on a transfer. The 0.96 xHCI spec says all types of
endpoints will be halted when a babble is detected. Some hardware that
claims to be 0.95 compliant halts the control endpoint anyway.

When a babble is detected on a control endpoint, check the hardware's
output endpoint context to see if the endpoint is marked as halted. If
the control endpoint is halted, a reset endpoint command must be issued
and the transfer ring dequeue pointer needs to be moved past the stopped
transfer. Basically, we treat it as if the control endpoint had stalled.

Handle bulk babbling endpoints as if we got a completion event with a
stall completion code.

Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

authored by

Sarah Sharp and committed by
Greg Kroah-Hartman 83fbcdcc 66d1eebc

+14 -2
+14 -2
drivers/usb/host/xhci-ring.c
··· 993 993 xhci_warn(xhci, "WARN: short transfer on control ep\n"); 994 994 status = -EREMOTEIO; 995 995 break; 996 + case COMP_BABBLE: 997 + /* The 0.96 spec says a babbling control endpoint 998 + * is not halted. The 0.96 spec says it is. Some HW 999 + * claims to be 0.95 compliant, but it halts the control 1000 + * endpoint anyway. Check if a babble halted the 1001 + * endpoint. 1002 + */ 1003 + if (ep_ctx->ep_info != EP_STATE_HALTED) 1004 + break; 1005 + /* else fall through */ 996 1006 case COMP_STALL: 997 1007 /* Did we transfer part of the data (middle) phase? */ 998 1008 if (event_trb != ep_ring->dequeue && ··· 1147 1137 ep_ring->stopped_td = td; 1148 1138 ep_ring->stopped_trb = event_trb; 1149 1139 } else { 1150 - if (GET_COMP_CODE(event->transfer_len) == COMP_STALL) { 1140 + if (trb_comp_code == COMP_STALL || 1141 + trb_comp_code == COMP_BABBLE) { 1151 1142 /* The transfer is completed from the driver's 1152 1143 * perspective, but we need to issue a set dequeue 1153 1144 * command for this stalled endpoint to move the dequeue ··· 1179 1168 * control endpoints). 1180 1169 */ 1181 1170 if (usb_endpoint_xfer_control(&urb->ep->desc) || 1182 - GET_COMP_CODE(event->transfer_len) != COMP_STALL) { 1171 + (trb_comp_code != COMP_STALL && 1172 + trb_comp_code != COMP_BABBLE)) { 1183 1173 kfree(td); 1184 1174 } 1185 1175 urb->hcpriv = NULL;