Hello Greg Kroah-Hartman:
in drivers/usb/renesas_usbhs/mod_host.c, in function usbhsh_queue_done:
get ureq from pkt, by using the macro usbhsh_pkt_to_ureq (at line 637)
pkt is the sub-object of ureq (line 73..76, line 157..158)
free ureq, by calling function usbhsh_ureq_free (at line 655)
use kfree to free ureq in function usbhsh_ureq_free (line 184..191)
originally ureq is call kzalloc in function usbhsh_ureq_alloc (line 171..179)
so pkt also free, too.
still use pkt, by calling function usbhsh_endpoint_sequence_save (at line 657)
use pkt->zero in funcion usbhsh_endpoint_sequence_save (at line 243)
I find it through code review, please help to check this suggestion whether valid.
if it was valid:
I prefer the relative member to provide relative patch.
if can not find relative member, I should try (although it seems not a good idea)
Regards
gchen.
73 struct usbhsh_request {
74 struct urb *urb;
75 struct usbhs_pkt pkt;
76 };
77
...
157 #define usbhsh_pkt_to_ureq(p) \
158 container_of((void *)p, struct usbhsh_request, pkt)
...
163 static struct usbhsh_request *usbhsh_ureq_alloc(struct usbhsh_hpriv *hpriv,
164 struct urb *urb,
165 gfp_t mem_flags)
166 {
167 struct usbhsh_request *ureq;
168 struct usbhs_priv *priv = usbhsh_hpriv_to_priv(hpriv);
169 struct device *dev = usbhs_priv_to_dev(priv);
170
171 ureq = kzalloc(sizeof(struct usbhsh_request), mem_flags);
172 if (!ureq) {
173 dev_err(dev, "ureq alloc fail\n");
174 return NULL;
175 }
176
177 usbhs_pkt_init(&ureq->pkt);
178 ureq->urb = urb;
179 usbhsh_urb_to_ureq(urb) = ureq;
180
181 return ureq;
182 }
183
184 static void usbhsh_ureq_free(struct usbhsh_hpriv *hpriv,
185 struct usbhsh_request *ureq)
186 {
187 usbhsh_urb_to_ureq(ureq->urb) = NULL;
188 ureq->urb = NULL;
189
190 kfree(ureq);
191 }
...
211 static void usbhsh_endpoint_sequence_save(struct usbhsh_hpriv *hpriv,
212 struct urb *urb,
213 struct usbhs_pkt *pkt)
214 {
215 int len = urb->actual_length;
216 int maxp = usb_endpoint_maxp(&urb->ep->desc);
217 int t = 0;
218
219 /* DCP is out of sequence control */
220 if (usb_pipecontrol(urb->pipe))
221 return;
222
223 /*
224 * renesas_usbhs pipe has a limitation in a number.
225 * So, driver should re-use the limited pipe for each device/endpoint.
226 * DATA0/1 sequence should be saved for it.
227 * see [image of mod_host]
228 * [HARDWARE LIMITATION]
229 */
230
231 /*
232 * next sequence depends on actual_length
233 *
234 * ex) actual_length = 1147, maxp = 512
235 * data0 : 512
236 * data1 : 512
237 * data0 : 123
238 * data1 is the next sequence
239 */
240 t = len / maxp;
241 if (len % maxp)
242 t++;
243 if (pkt->zero)
244 t++;
245 t %= 2;
246
247 if (t)
248 usb_dotoggle(urb->dev,
249 usb_pipeendpoint(urb->pipe),
250 usb_pipeout(urb->pipe));
251 }
...
635 static void usbhsh_queue_done(struct usbhs_priv *priv, struct usbhs_pkt *pkt)
636 {
637 struct usbhsh_request *ureq = usbhsh_pkt_to_ureq(pkt);
638 struct usbhsh_hpriv *hpriv = usbhsh_priv_to_hpriv(priv);
639 struct usb_hcd *hcd = usbhsh_hpriv_to_hcd(hpriv);
640 struct urb *urb = ureq->urb;
641 struct device *dev = usbhs_priv_to_dev(priv);
642 int status = 0;
643
644 dev_dbg(dev, "%s\n", __func__);
645
646 if (!urb) {
647 dev_warn(dev, "pkt doesn't have urb\n");
648 return;
649 }
650
651 if (!usbhsh_is_running(hpriv))
652 status = -ESHUTDOWN;
653
654 urb->actual_length = pkt->actual;
655 usbhsh_ureq_free(hpriv, ureq);
656
657 usbhsh_endpoint_sequence_save(hpriv, urb, pkt);
658 usbhsh_pipe_detach(hpriv, usbhsh_ep_to_uep(urb->ep));
659
660 usb_hcd_unlink_urb_from_ep(hcd, urb);
661 usb_hcd_giveback_urb(hcd, urb, status);
662 }
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
