usb: musb: host: fix for musb_start_urb Oops

when using musb_urb_enqueue to submit three urbs to the same endpoint, when
hep->hcpriv is NULL, qh will be allocated when the first urb is completed.

When the IRQ completes the next two urbs, qh->hep->hcpriv will be set to NULL.
Now the second urb get musb->lock and executes musb_schedule(), but
next_urb(qh) is NULL, so musb_start_urb will Oops.

[ balbi@ti.com : practically rewrote commit log so it makes sense ]

Signed-off-by: mayuzheng <myz147@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>

diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c
index 4bb717d..1ae378d 100644 (file)
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -2049,7 +2049,7 @@ static int musb_urb_enqueue(
         * we only have work to do in the former case.
         */
        spin_lock_irqsave(&musb->lock, flags);
-       if (hep->hcpriv) {
+       if (hep->hcpriv || !next_urb(qh)) {
                /* some concurrent activity submitted another urb to hep...
                 * odd, rare, error prone, but legal.
                 */