CHROMIUM: usb: ehci: Fix potential use-after-free by the eHC in disable_periodic()
Changes to the Periodic Schedule Enable bit in EHCI only take effect on
the next frame boundary. When the kernel disables the periodic schedule,
it immediately frees all isochronous transfer descriptors, even though
the eHC might still be using them. This seems to mostly cause problems
with split transaction descriptors since they take a long time to
complete.
This patch fixes the issue by waiting for the Periodic Schedule Status
bit to go low. It resolves a bug that was observed by using a Logitech
headset (046d:0a0c, FullSpeed) on an s5p-ehci controller and going into
suspend-to-ram while audio is playing (the host controller would
occasionally die by setting the Host System Error bit in the suspend
path, presumably due to DMAing an invalid siTD).
This whole section has been largely rewritten between 3.4 and 3.8, and
the new implementation looks like it should wait long enough by default.
Let's just put this into our 3.4 tree and forget about it.
BUG=chrome-os-partner:23118
TEST=Watch the "Nyan Cat 10 hours (original)" video on YouTube on a
Spring with a FullSpeed USB headset and simultaneously start the
power_SuspendStress.bareDaily test on it. Sit there listening to make
sure the audio always comes back to the headset for as long as you can
endure (I think gabeblack has set the record at over 8 hours...).
Original-Change-Id: I9be135fabe20bbfde16ac815347a28fc5c27c811
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/172375
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
(cherry picked from commit 8bf696ecf2f54fce543f4569a0cf95c6edf77325)
Change-Id: I24c5ff411f33149ed229a23b360347cf5d759ac0
Reviewed-on: https://chromium-review.googlesource.com/172667
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
1 file changed
