On 9/14/23 1:06 PM, Sergey Shtylyov wrote: [...] >> When multiple threads are performing USB transmission, musb->lock will be >> unlocked when musb_giveback is executed. At this time, qh may be released >> in the dequeue process in other threads, resulting in a wild pointer, so >> it needs to be here get qh again, and judge whether qh is NULL, and when >> dequeue, you need to set qh to NULL. >> >> Fixes: dbac5d07d13e ("usb: musb: host: don't start next rx urb if current one failed") >> Signed-off-by: Xingxing Luo <xingxing.luo@xxxxxxxxxx> >> --- >> drivers/usb/musb/musb_host.c | 9 ++++++++- >> 1 file changed, 8 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c >> index a02c29216955..9df27db5847a 100644 >> --- a/drivers/usb/musb/musb_host.c >> +++ b/drivers/usb/musb/musb_host.c >> @@ -321,10 +321,16 @@ static void musb_advance_schedule(struct musb *musb, struct urb *urb, >> musb_giveback(musb, urb, status); >> qh->is_ready = ready; >> >> + /* >> + * musb->lock had been unlocked in musb_giveback, so somtimes qh > > Sometimes? > >> + * may freed, need get it again + * may be freed, need to get it again Overlooked it in the 1st review, sorry... [...] MBR, Sergey
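Review bot: In the musb_advance_schedule hunk, the unchanged line `qh->is_ready = ready;` still dereferences qh immediately after musb_giveback() returns, ahead of the new comment and the re-fetch it announces. If qh can be freed while musb->lock is dropped, as the commit message and the comment both state, that store already writes through the stale pointer before qh is looked up again. Consider doing the re-fetch and the NULL check before the `is_ready` assignment, or state in the comment why qh is still guaranteed valid at that line. The comment text should also carry the wording fixes raised in this review ("may be freed, need to get it again", and drop or correct "somtimes").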