usb: musb: host: fix for musb_start_urb Oops
when using musb_urb_enqueue to submit three urbs to the same endpoint, when
hep->hcpriv is NULL, qh will be allocated when the first urb is completed.
When the IRQ completes the next two urbs, qh->hep->hcpriv will be set to NULL.
Now the second urb get musb->lock and executes musb_schedule(), but
next_urb(qh) is NULL, so musb_start_urb will Oops.
[ balbi@ti.com : practically rewrote commit log so it makes sense ]
Signed-off-by: mayuzheng <myz147@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c
index 4bb717d..1ae378d 100644
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -2049,7 +2049,7 @@
* we only have work to do in the former case.
*/
spin_lock_irqsave(&musb->lock, flags);
- if (hep->hcpriv) {
+ if (hep->hcpriv || !next_urb(qh)) {
/* some concurrent activity submitted another urb to hep...
* odd, rare, error prone, but legal.
*/