projects / openwrt / staging / dedeckeh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
brcm2708: update to latest patches from RPi foundation
[openwrt/staging/dedeckeh.git] / target / linux / brcm2708 / patches-4.19 / 950-0779-dwc_otg-checking-the-urb-transfer_buffer-too-early-3.patch
diff --git a/target/linux/brcm2708/patches-4.19/950-0779-dwc_otg-checking-the-urb-transfer_buffer-too-early-3.patch b/target/linux/brcm2708/patches-4.19/950-0779-dwc_otg-checking-the-urb-transfer_buffer-too-early-3.patch
new file mode 100644 (file)
index 0000000..8a28f73
--- /dev/null
+++ b/target/linux/brcm2708/patches-4.19/950-0779-dwc_otg-checking-the-urb-transfer_buffer-too-early-3.patch
@@ -0,0 +1,59 @@
+From 2a15e634d80f78cf2d8aa16ecf0f3cf930e277b4 Mon Sep 17 00:00:00 2001
+From: Hui Wang <hui.wang@canonical.com>
+Date: Sun, 17 Nov 2019 10:31:46 +0800
+Subject: [PATCH] dwc_otg: checking the urb->transfer_buffer too early
+ (#3332)
+
+After enable the HIGHMEM and VMSPLIT_3G, the dwc_otg driver doesn't
+work well on Pi2/3 boards with 1G physical ram. Users experience
+the failure when copying a file of 600M size to the USB stick. And
+at the same time, the dmesg shows:
+usb 1-1.1.2: reset high-speed USB device number 8 using dwc_otg
+sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
+blk_update_request: I/O error, dev sda, sector 3024048 op 0x1:(WRITE) flags 0x4000 phys_seg 15 prio class 0
+
+When this happens, the sg_buf sent to the driver is located in the
+highmem region, the usb_sg_init() in the core/message.c will leave
+transfer_buffer to NULL if the sg_buf is in highmem, but in the
+dwc_otg driver, it returns -EINVAL unconditionally if transfer_buffer
+is NULL.
+
+The driver can handle the situation of buffer to be NULL, if it is in
+DMA mode, it will convert an address from transfer_dma.
+
+But if the conversion fails or it is in the PIO mode, we should check
+buffer and return -EINVAL if it is NULL.
+
+BugLink: https://bugs.launchpad.net/bugs/1852510
+Signed-off-by: Hui Wang <hui.wang@canonical.com>
+---
+ drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
++++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
+@@ -821,10 +821,6 @@ static int dwc_otg_urb_enqueue(struct us
+               dump_urb_info(urb, "dwc_otg_urb_enqueue");
+       }
+ #endif
+-
+-      if (!urb->transfer_buffer && urb->transfer_buffer_length)
+-              return -EINVAL;
+-
+       if ((usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
+           || (usb_pipetype(urb->pipe) == PIPE_INTERRUPT)) {
+               if (!dwc_otg_hcd_is_bandwidth_allocated
+@@ -881,6 +877,13 @@ static int dwc_otg_urb_enqueue(struct us
+                             &urb->transfer_dma, buf);
+       }
++      if (!buf && urb->transfer_buffer_length) {
++              DWC_FREE(dwc_otg_urb);
++              DWC_ERROR("transfer_buffer is NULL in PIO mode or both "
++                         "transfer_buffer and transfer_dma are NULL in DMA mode\n");
++              return -EINVAL;
++      }
++
+       if (!(urb->transfer_flags & URB_NO_INTERRUPT))
+               flags |= URB_GIVEBACK_ASAP;
+       if (urb->transfer_flags & URB_ZERO_PACKET)
Staging tree of dedeckeh