[RFC] musb_bulk_rx_nak_timeout()
Marek Vasut
marex at denx.de
Mon Apr 5 14:33:00 CEST 2021
On 4/5/21 2:06 AM, Heinrich Schuchardt wrote:
> Hello Marek,
Hi,
> the code in musb_bulk_rx_nak_timeout() looks fishy:
>
> dma may be set to NULL and dereferenced afterwards.
>
> The following change would avoid the NULL dereference but I am not deep
> enough into the code to evaluate what is intended here:
>
> diff --git a/drivers/usb/musb-new/musb_host.c
> b/drivers/usb/musb-new/musb_host.c
> index acb2d40f3b..f495a23d57 100644
> --- a/drivers/usb/musb-new/musb_host.c
> +++ b/drivers/usb/musb-new/musb_host.c
> @@ -1409,7 +1409,7 @@ static void musb_bulk_rx_nak_timeout(struct musb
> *musb, struct musb_hw_ep *ep)
> cur_qh = first_qh(&musb->in_bulk);
> if (cur_qh) {
> urb = next_urb(cur_qh);
> - if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
> + if (dma && dma_channel_status(dma) ==
> MUSB_DMA_STATUS_BUSY) {
> dma->status = MUSB_DMA_STATUS_CORE_ABORT;
> musb->dma_controller->channel_abort(dma);
> urb->actual_length += dma->actual_len;
>
I don't have any musb hardware, expanding CC to people who might be able
to take a look.
More information about the U-Boot
mailing list