xhci: Fix transfer ring expansion size calculation
The amount of new TRBs needed is calculated incorrectly when expanding a
transfer ring.
The room_on_ring() helper will correctly report that the ring needs
expansion if the enqueue pointer is about to reach the dequeue segment.
If enqueue reaches the dequeue segment then there is no easy way
to expand the ring by adding new segments between enqueue and dequeue.
This leads to ring expansion even if num_trbs_free is larger than
num_trbs we are queueing.
As a result we try to store a negative number in a unsigned int, leading
to a huge percieved trb need, and doubling of ring size.
Rework and rename the room_on_ring() to a helper that checks if ring
needs expansion, and return number of new segments needed. Don't rely on
the tracked ring->num_trbs_free value as turns out it has been unreliable.
Use ring enqueue and dequeue positions to determine expansion need.
The unsigned int issue was first reported first Chao zeng, and a bit
later seen in a real world bug.
Reported-by: chao zeng <chao.zengup@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217242
Tested-by: Miller Hunter <MillerH@hearthnhome.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Message-ID: <
20230602144009.
1225632-7-mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
projects / linux.git / commit