usb: dwc2: Fix NULL qh in dwc2_queue_transaction

When a usb device disconnects in a certain way, dwc2_queue_transaction
still gets called after dwc2_hcd_cleanup_channels.

dwc2_hcd_cleanup_channels does "channel->qh = NULL;" but
dwc2_queue_transaction still wants to dereference qh.
This adds a check for a null qh.

Acked-by: Minas Harutyunyan <hminas@synopsys.com>
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
[dianders: rebased to mainline]
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
index 81afe55..b90f858 100644 (file)
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -2824,7 +2824,7 @@ static int dwc2_queue_transaction(struct dwc2_hsotg *hsotg,
                list_move_tail(&chan->split_order_list_entry,
                               &hsotg->split_order);
 
-       if (hsotg->params.host_dma) {
+       if (hsotg->params.host_dma && chan->qh) {
                if (hsotg->params.dma_desc_enable) {
                        if (!chan->xfer_started ||
                            chan->ep_type == USB_ENDPOINT_XFER_ISOC) {