提交 3067779b 编写于 作者: Y yuzheng ma 提交者: Felipe Balbi

usb: musb: host: fix for musb_start_urb Oops

when using musb_urb_enqueue to submit three urbs to the same endpoint, when
hep->hcpriv is NULL, qh will be allocated when the first urb is completed.

When the IRQ completes the next two urbs, qh->hep->hcpriv will be set to NULL.
Now the second urb get musb->lock and executes musb_schedule(), but
next_urb(qh) is NULL, so musb_start_urb will Oops.

[ balbi@ti.com : practically rewrote commit log so it makes sense ]
Signed-off-by: Nmayuzheng <myz147@gmail.com>
Signed-off-by: NFelipe Balbi <balbi@ti.com>
上级 3b9c1c5b
......@@ -2049,7 +2049,7 @@ static int musb_urb_enqueue(
* we only have work to do in the former case.
*/
spin_lock_irqsave(&musb->lock, flags);
if (hep->hcpriv) {
if (hep->hcpriv || !next_urb(qh)) {
/* some concurrent activity submitted another urb to hep...
* odd, rare, error prone, but legal.
*/
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册