From 3067779b1566ae5fb6af40f03ae874ac47035523 Mon Sep 17 00:00:00 2001 From: yuzheng ma Date: Wed, 15 Aug 2012 16:11:40 +0800 Subject: [PATCH] usb: musb: host: fix for musb_start_urb Oops when using musb_urb_enqueue to submit three urbs to the same endpoint, when hep->hcpriv is NULL, qh will be allocated when the first urb is completed. When the IRQ completes the next two urbs, qh->hep->hcpriv will be set to NULL. Now the second urb get musb->lock and executes musb_schedule(), but next_urb(qh) is NULL, so musb_start_urb will Oops. [ balbi@ti.com : practically rewrote commit log so it makes sense ] Signed-off-by: mayuzheng Signed-off-by: Felipe Balbi --- drivers/usb/musb/musb_host.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c index 4bb717d..1ae378d 100644 --- a/drivers/usb/musb/musb_host.c +++ b/drivers/usb/musb/musb_host.c @@ -2049,7 +2049,7 @@ static int musb_urb_enqueue( * we only have work to do in the former case. */ spin_lock_irqsave(&musb->lock, flags); - if (hep->hcpriv) { + if (hep->hcpriv || !next_urb(qh)) { /* some concurrent activity submitted another urb to hep... * odd, rare, error prone, but legal. */ -- 2.7.4