[RFC] musb_bulk_rx_nak_timeout()

Heinrich Schuchardt xypron.glpk at gmx.de
Mon Apr 5 02:06:10 CEST 2021


Hello Marek,

the code in musb_bulk_rx_nak_timeout() looks fishy:

dma may be set to NULL and dereferenced afterwards.

The following change would avoid the NULL dereference but I am not deep
enough into the code to evaluate what is intended here:

diff --git a/drivers/usb/musb-new/musb_host.c
b/drivers/usb/musb-new/musb_host.c
index acb2d40f3b..f495a23d57 100644
--- a/drivers/usb/musb-new/musb_host.c
+++ b/drivers/usb/musb-new/musb_host.c
@@ -1409,7 +1409,7 @@ static void musb_bulk_rx_nak_timeout(struct musb
*musb, struct musb_hw_ep *ep)
         cur_qh = first_qh(&musb->in_bulk);
         if (cur_qh) {
                 urb = next_urb(cur_qh);
-               if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
+               if (dma && dma_channel_status(dma) ==
MUSB_DMA_STATUS_BUSY) {
                         dma->status = MUSB_DMA_STATUS_CORE_ABORT;
                         musb->dma_controller->channel_abort(dma);
                         urb->actual_length += dma->actual_len;
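
Review bot: In the changed condition, `dma && dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY` makes a NULL `dma` skip the whole abort branch silently, so a comment or the commit message should state why doing nothing is correct when there is no DMA channel; the visible lines do not show what the non-DMA path is meant to do. The context line `urb = next_urb(cur_qh);` is followed by `urb->actual_length += dma->actual_len;` with no visible check of `urb`, so it is worth confirming in the same pass that `next_urb()` cannot return NULL here. The patch is also line-wrapped by the mailer (the `diff --git` line, the `@@` header and the added `+` line are each split over two lines), so it will not apply as posted and should be resent unwrapped.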

Best regards

Heinrich

