Message ID | bc62efc8-77f5-3243-87a8-1a5bbfb6237a@gmx.de |
---|---|
State | Deferred |
Delegated to: | Tom Rini |
Series | [RFC] musb_bulk_rx_nak_timeout() |
On 4/5/21 2:06 AM, Heinrich Schuchardt wrote: > Hello Marek, Hi, > the code in musb_bulk_rx_nak_timeout() looks fishy: > > dma may be set to NULL and dereferenced afterwards. > > The following change would avoid the NULL dereference but I am not deep > enough into the code to evaluate what is intended here: > > diff --git a/drivers/usb/musb-new/musb_host.c > b/drivers/usb/musb-new/musb_host.c > index acb2d40f3b..f495a23d57 100644 > --- a/drivers/usb/musb-new/musb_host.c > +++ b/drivers/usb/musb-new/musb_host.c > @@ -1409,7 +1409,7 @@ static void musb_bulk_rx_nak_timeout(struct musb > *musb, struct musb_hw_ep *ep) > cur_qh = first_qh(&musb->in_bulk); > if (cur_qh) { > urb = next_urb(cur_qh); > - if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) { > + if (dma && dma_channel_status(dma) == > MUSB_DMA_STATUS_BUSY) { > dma->status = MUSB_DMA_STATUS_CORE_ABORT; > musb->dma_controller->channel_abort(dma); > urb->actual_length += dma->actual_len; > I don't have any musb hardware, expanding CC to people who might be able to take a look.
diff --git a/drivers/usb/musb-new/musb_host.c b/drivers/usb/musb-new/musb_host.c index acb2d40f3b..f495a23d57 100644 --- a/drivers/usb/musb-new/musb_host.c +++ b/drivers/usb/musb-new/musb_host.c @@ -1409,7 +1409,7 @@ static void musb_bulk_rx_nak_timeout(struct musb *musb, struct musb_hw_ep *ep) cur_qh = first_qh(&musb->in_bulk); if (cur_qh) { urb = next_urb(cur_qh); - if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) { + if (dma && dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) { dma->status = MUSB_DMA_STATUS_CORE_ABORT;
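Review bot: The `dma &&` guard added to the condition after `urb = next_urb(cur_qh);` stops the NULL dereference in `dma_channel_status(dma)` and in the branch body (`dma->status = MUSB_DMA_STATUS_CORE_ABORT;`), but it also turns the whole abort branch into a silent no-op whenever `dma` is NULL. The hunk does not show where `dma` is assigned, so please state in the commit message, or in a comment above the condition, in which case `dma` can be NULL at this point and why skipping the abort and the length accounting is the intended behaviour for the current URB in that case. If that case is not expected to happen at all, an early return or an explicit check where `dma` is assigned would make the intent clearer than widening this condition.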