From: Jason He <[email protected]>

According to the device mode spec, the ACTIVE status field of dtds should be checked to determine whether the transfers completed successfully. However, this is not implemented in handle_ep_complete. When two EPs are enabled and transferring, EPa requests with multiple dtds and EPb requests with one dtd. An irq is triggered on EPb. The udc_irq handler finds both EPb's and EPa's ENDPTCOMPLETE=1 while not all of EPa's dtds have been completed. Because the ACTIVE status is not checked, this case causes a crash in the ci_udc driver.

Signed-off-by: Jason He <[email protected]> Signed-off-by: Ye Li <[email protected]> --- drivers/usb/gadget/ci_udc.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/usb/gadget/ci_udc.c b/drivers/usb/gadget/ci_udc.c index 0baad83ef90..53796887dac 100644 --- a/drivers/usb/gadget/ci_udc.c +++ b/drivers/usb/gadget/ci_udc.c @@ -733,6 +733,17 @@ static void handle_ep_complete(struct ci_ep *ci_ep) ci_invalidate_qtd(num); ci_req = list_first_entry(&ci_ep->queue, struct ci_req, queue); + /* Check all dtd are completed, otherwise return for next irq process */ + next_td = item; + for (j = 0; j < ci_req->dtd_count; j++) { + ci_invalidate_td(next_td); + if (next_td->info & INFO_ACTIVE) + return; + if (j != ci_req->dtd_count - 1) + next_td = (struct ept_queue_item *)(unsigned long) + next_td->next; + } + next_td = item; len = 0; for (j = 0; j < ci_req->dtd_count; j++) { -- 2.37.1
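
Review bot: the early `return` inside the new loop in handle_ep_complete leaves the request at the head of `ci_ep->queue` and depends on a later interrupt for this endpoint to finish it, which the comment only hints at with "return for next irq process". Please state in the comment or the commit message which event is expected to re-enter this function once the remaining dtds are no longer active, since a request that never gets that second pass would stay queued. The new loop also walks the same chain that the following `for (j = 0; j < ci_req->dtd_count; j++)` loop walks again from `next_td = item`, so consider moving the ACTIVE test into a small helper so the two traversals cannot drift apart. Minor wording: "Check all dtd are completed" would read better as "Check that all dtds have completed".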

