The logic in dwc2_hcd_qtd_add() was a bit messy, and one of the error exit paths was broken. Fix it up.
Signed-off-by: Paul Zimmerman <paulz@xxxxxxxxxxxx>
---
 drivers/staging/dwc2/hcd_queue.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/dwc2/hcd_queue.c b/drivers/staging/dwc2/hcd_queue.c
index b36f783..5461e3b 100644
--- a/drivers/staging/dwc2/hcd_queue.c
+++ b/drivers/staging/dwc2/hcd_queue.c
@@ -197,6 +197,9 @@ static struct dwc2_qh *dwc2_hcd_qh_create(struct dwc2_hsotg *hsotg,
 {
 struct dwc2_qh *qh;
+ if (!urb->priv)
+ return NULL;
+
 /* Allocate memory */
 qh = kzalloc(sizeof(*qh), mem_flags);
 if (!qh)
@@ -638,7 +641,7 @@ int dwc2_hcd_qtd_add(struct dwc2_hsotg *hsotg, struct dwc2_qtd *qtd,
 struct dwc2_hcd_urb *urb = qtd->urb;
 unsigned long flags;
 int allocated = 0;
- int retval = 0;
+ int retval;
 /*
 * Get the QH which holds the QTD-list to insert to. Create QH if it
@@ -652,8 +655,19 @@ int dwc2_hcd_qtd_add(struct dwc2_hsotg *hsotg, struct dwc2_qtd *qtd,
 }
 spin_lock_irqsave(&hsotg->lock, flags);
+
 retval = dwc2_hcd_qh_add(hsotg, *qh);
- if (retval && allocated) {
+ if (retval)
+ goto fail;
+
+ qtd->qh = *qh;
+ list_add_tail(&qtd->qtd_list_entry, &(*qh)->qtd_list);
+ spin_unlock_irqrestore(&hsotg->lock, flags);
+
+ return 0;
+
+fail:
+ if (allocated) {
 struct dwc2_qtd *qtd2, *qtd2_tmp;
 struct dwc2_qh *qh_tmp = *qh;
@@ -668,8 +682,6 @@ int dwc2_hcd_qtd_add(struct dwc2_hsotg *hsotg, struct dwc2_qtd *qtd,
 spin_unlock_irqrestore(&hsotg->lock, flags);
 dwc2_hcd_qh_free(hsotg, qh_tmp);
 } else {
- qtd->qh = *qh;
- list_add_tail(&qtd->qtd_list_entry, &(*qh)->qtd_list);
 spin_unlock_irqrestore(&hsotg->lock, flags);
 }
--
1.8.2.rc0.16.g20a599e
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
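Review bot: The new `if (!urb->priv) return NULL;` guard at the top of dwc2_hcd_qh_create() reports a URB without private data through the same NULL return as the `kzalloc()` failure a few lines below, so the caller cannot tell an invalid URB from memory exhaustion. If the caller turns NULL into an out-of-memory error (its handling is outside this hunk), that is the code that will show up in logs for what is really a bad-argument condition. I would either add a comment above the check, `/* urb->priv must be set; NULL is returned just as for an allocation failure */`, or have the caller test `urb->priv` itself and return a distinct error code. The rest of the function body lies outside the hunk.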
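Review bot: The `fail:` label is entered with `hsotg->lock` still held and each branch below it has to drop the lock itself (the `if (allocated)` branch unlocks before calling `dwc2_hcd_qh_free()`, the `else` branch only unlocks), but nothing in the code states this. A comment at the label would keep a later edit from adding a `goto fail` from an unlocked context or an exit that leaves the lock held: `/* hsotg->lock is held here; qtd has not been linked into any QH list */`. The function's documentation should also say that `qtd->qh` is set only on the success path, so a caller that frees the QTD after a non-zero return must not follow that pointer. The start of dwc2_hcd_qtd_add() and the middle of the `if (allocated)` branch are outside the hunks shown.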