Re: question on end_unlink_async

Yuping Luo <lypingsh@xxxxxxxxx> · Fri, 22 Jan 2010 21:59:44 +0800

No need, since  end_unlink_async() only got called when reclaim is not
NULL, please check the file ehci-hcd.c.

regards,
Yuping Luo

On Fri, Jan 22, 2010 at 5:16 PM, jidong xiao <jidong.xiao@xxxxxxxxx> wrote:
> Hi,
>
> I am reading the source code of drivers/usb/host/ehci-q.c, and
> following is the source code of function end_unlink_async().
>
> My question is, is there a potential NULL pointer dereference issue in
> this function, I mean, in line 1136 we get 'qh', but if this pointer
> is NULL, then when we run line 1142 and the lines after that, we may
> encounter NULL pointer dereference issue. I guess we have to ensure
> if(qh!=NULL) it true before we do any operation with its member.
>
> Regards
> Jason
>
>   1132 /* the async qh for the qtds being reclaimed are now unlinked
> from the HC */
>   1133
>   1134 static void end_unlink_async (struct ehci_hcd *ehci)
>   1135 {
>   1136         struct ehci_qh          *qh = ehci->reclaim;
>   1137         struct ehci_qh          *next;
>   1138
>   1139         iaa_watchdog_done(ehci);
>   1140
>   1141         // qh->hw_next = cpu_to_hc32(qh->qh_dma);
>   1142         qh->qh_state = QH_STATE_IDLE;
>   1143         qh->qh_next.qh = NULL;
>   1144         qh_put (qh);                    // refcount from reclaim
>   1145
>   1146         /* other unlink(s) may be pending (in QH_STATE_UNLINK_WAIT) */
>   1147         next = qh->reclaim;
>   1148         ehci->reclaim = next;
>   1149         qh->reclaim = NULL;
>   1150
>   1151         qh_completions (ehci, qh);
>   1152
>   1153         if (!list_empty (&qh->qtd_list)
>   1154                         && HC_IS_RUNNING (ehci_to_hcd(ehci)->state))
>   1155                 qh_link_async (ehci, qh);
>   1156         else {
>   1157                 /* it's not free to turn the async schedule
> on/off; leave it
>   1158                  * active but idle for a while once it empties.
>   1159                  */
>   1160                 if (HC_IS_RUNNING (ehci_to_hcd(ehci)->state)
>   1161                                 && ehci->async->qh_next.qh == NULL)
>   1162                         timer_action (ehci, TIMER_ASYNC_OFF);
>   1163         }
>   1164         qh_put(qh);                     /* refcount from async list */
>   1165
>   1166         if (next) {
>   1167                 ehci->reclaim = NULL;
>   1168                 start_unlink_async (ehci, next);
>   1169         }
>   1170 }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html