From: Michal Pecio Date: Wed, 3 Jun 2026 09:11:20 +0000 (+0300) Subject: usb: xhci: Simplify xhci_quiesce() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f232db53c265467293123ccc02cf52793bca9cdd;p=thirdparty%2Fkernel%2Flinux.git usb: xhci: Simplify xhci_quiesce() The function reads USBCMD, clears some bits and writes it back. Its treatment of the Run bit is weird: the bit is usually written as 0, as we would expect, but it may also be written as 1 if both its current value and USBSTS.HCHalted are observed as 1. Per xHCI 5.4.2, HCHalted is 0 whenever Run is 1, so the above can only happen due to buggy HW or SW, e.g. concurrent xhci_quiesce() and xhci_start() execution. It's unclear why we should treat such cases specially and write the bit as 1. The logic comes from original PoC implementation and has never been explained. Just write 0 every time, which looks like the safer choice when the intent is to stop the xHC. We could get in trouble if clearing Run causes some very broken xHC to start running after it was halted, but no such case has been documented. It seems the logic was just poorly thought out. Signed-off-by: Michal Pecio Signed-off-by: Mathias Nyman Link: https://patch.msgid.link/20260603091132.1110849-4-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index a54f5b57f205..0bf0446b4c87 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -102,17 +102,10 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) */ void xhci_quiesce(struct xhci_hcd *xhci) { - u32 halted; u32 cmd; - u32 mask; - - mask = ~(XHCI_IRQS); - halted = readl(&xhci->op_regs->status) & STS_HALT; - if (!halted) - mask &= ~CMD_RUN; cmd = readl(&xhci->op_regs->command); - cmd &= mask; + cmd &= ~(CMD_RUN | XHCI_IRQS); writel(cmd, &xhci->op_regs->command); }