usb: musb: host: fix for musb_start_urb Oops

when using musb_urb_enqueue to submit three urbs to the same endpoint, when hep->hcpriv is NULL, qh will be allocated when the first urb is completed. When the IRQ completes the next two urbs, qh->hep->hcpriv will be set to NULL. Now the second urb get musb->lock and executes musb_schedule(), but next_urb(qh) is NULL, so musb_start_urb will Oops. [ balbi@ti.com : practically rewrote commit log so it makes sense ] Signed-off-by: mayuzheng <myz147@gmail.com> Signed-off-by: Felipe Balbi <balbi@ti.com>

usb: musb: host: fix for musb_start_urb Oops
when using musb_urb_enqueue to submit three urbs to the same endpoint, when hep->hcpriv is NULL, qh will be allocated when the first urb is completed. When the IRQ completes the next two urbs, qh->hep->hcpriv will be set to NULL. Now the second urb get musb->lock and executes musb_schedule(), but next_urb(qh) is NULL, so musb_start_urb will Oops. [ balbi@ti.com : practically rewrote commit log so it makes sense ] Signed-off-by: mayuzheng <myz147@gmail.com> Signed-off-by: Felipe Balbi <balbi@ti.com>
3067779b · yuzheng ma · Felipe Balbi · 3b9c1c5b · 3067779b
Commit 3067779b authored Aug 15, 2012 by yuzheng ma Committed by Felipe Balbi Sep 06, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/usb/musb/musb_host.c drivers/usb/musb/musb_host.c +1 -1

No files found.
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -2049,7 +2049,7 @@ static int musb_urb_enqueue(
 	 * we only have work to do in the former case.
 	 */
 	spin_lock_irqsave(&musb->lock, flags);
-	if (hep->hcpriv) {
+	if (hep->hcpriv || !next_urb(qh)) {
 		/* some concurrent activity submitted another urb to hep...
 		 * odd, rare, error prone, but legal.
 		 */