Re: [PATCH] USB: EHCI: adjust ehci_iso_stream for changes in ehci_qh

Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> · Mon, 1 Mar 2010 11:35:14 -0500 (EST)

On Mon, 1 Mar 2010, Clemens Ladisch wrote:

> [PATCH] USB: EHCI: adjust ehci_iso_stream for changes in ehci_qh
> 
> The EHCI driver stores in usb_host_endpoint.hcpriv a pointer to either
> an ehci_qh or an ehci_iso_stream structure, and uses the contents of the
> hw_info1 field to distinguish the two cases.
> 
> After ehci_qh was split into hw and sw parts, ehci_iso_stream must also
> be adjusted so that it again looks like an ehci_qh structure.
> 
> This fixes a NULL pointer access in ehci_endpoint_disable() when it
> tries to access qh->hw->hw_info1.
> 
> Signed-off-by: Clemens Ladisch <clemens@xxxxxxxxxx>
> Reported-by: Colin Fletcher <colin.m.fletcher@xxxxxxxxxxxxxx>
> Cc: <stable@xxxxxxxxxx>
> ---
>  drivers/usb/host/ehci-hcd.c   |    2 +-
>  drivers/usb/host/ehci-sched.c |    4 ++--
>  drivers/usb/host/ehci.h       |    5 ++---
>  3 files changed, 5 insertions(+), 6 deletions(-)
> 
> --- a/drivers/usb/host/ehci.h
> +++ b/drivers/usb/host/ehci.h
> @@ -394,9 +394,8 @@ struct ehci_iso_sched {
>   * acts like a qh would, if EHCI had them for ISO.
>   */
>  struct ehci_iso_stream {
> -	/* first two fields match QH, but info1 == 0 */
> -	__hc32			hw_next;
> -	__hc32			hw_info1;
> +	/* first field matches ehci_hq, but is NULL */
> +	struct ehci_qh_hw	*hw;
>  
>  	u32			refcount;
>  	u8			bEndpointAddress;
> --- a/drivers/usb/host/ehci-hcd.c
> +++ b/drivers/usb/host/ehci-hcd.c
> @@ -995,7 +995,7 @@ rescan:
>  	/* endpoints can be iso streams.  for now, we don't
>  	 * accelerate iso completions ... so spin a while.
>  	 */
> -	if (qh->hw->hw_info1 == 0) {
> +	if (qh->hw == NULL) {
>  		ehci_vdbg (ehci, "iso delay\n");
>  		goto idle_timeout;
>  	}
> --- a/drivers/usb/host/ehci-sched.c
> +++ b/drivers/usb/host/ehci-sched.c
> @@ -1121,8 +1121,8 @@ iso_stream_find (struct ehci_hcd *ehci, struct urb *urb)
>  					urb->interval);
>  		}
>  
> -	/* if dev->ep [epnum] is a QH, info1.maxpacket is nonzero */
> -	} else if (unlikely (stream->hw_info1 != 0)) {
> +	/* if dev->ep [epnum] is a QH, hw is set */
> +	} else if (unlikely (stream->hw != NULL)) {
>  		ehci_dbg (ehci, "dev %s ep%d%s, not iso??\n",
>  			urb->dev->devpath, epnum,
>  			usb_pipein(urb->pipe) ? "in" : "out");

Much better, thank you!

Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html