On Wed, Aug 20, 2014 at 03:06:28PM -0400, Alan Stern wrote:
> On Wed, 20 Aug 2014, Felipe Balbi wrote:
>
> > On Tue, Jul 15, 2014 at 10:07:40PM +0800, Li Jun wrote:
> > > This patch try to dequeue the cdev->req to guarantee the request is not queued
> > > before free it.
> > >
> > > Signed-off-by: Li Jun <b47624@xxxxxxxxxxxxx>
> > > ---
> > > drivers/usb/gadget/composite.c | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
> > > index f801519..6935a82 100644
> > > --- a/drivers/usb/gadget/composite.c
> > > +++ b/drivers/usb/gadget/composite.c
> > > @@ -1956,6 +1956,7 @@ void composite_dev_cleanup(struct usb_composite_dev *cdev)
> > > }
> > > if (cdev->req) {
> > > kfree(cdev->req->buf);
> > > + usb_ep_dequeue(cdev->gadget->ep0, cdev->req);
> >
> > it's best to dequeue the request before freeing its buffer.
>
> In fact, it's best to wait for the request's completion routine to be
> called before freeing the buffer. The hardware can access the buffer's
> memory at any time before the completion routine runs.
dequeue should cause the transfer to be cancelled and given back.
There's a slight possible race window because we release the controller
lock in order to call gadget driver's ->complete().
Other than that, it should be fine. No ?
--
balbi
Attachment:
signature.asc
Description: Digital signature
