From 9ffc237e5d245d9eda21b10b82dab448ec920620 Mon Sep 17 00:00:00 2001 From: P33M Date: Wed, 9 Jan 2013 16:12:04 +0000 Subject: [PATCH 044/196] dwc_otg: fix bug in dwc_otg_hcd.c resulting in silent kernel memory corruption, escalating to OOPS under high USB load. --- drivers/usb/host/dwc_otg/dwc_otg_hcd.c | 2 -- drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/host/dwc_otg/dwc_otg_hcd.c b/drivers/usb/host/dwc_otg/dwc_otg_hcd.c index 2b7945a..d5c94f4 100644 --- a/drivers/usb/host/dwc_otg/dwc_otg_hcd.c +++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd.c @@ -500,8 +500,6 @@ int dwc_otg_hcd_urb_enqueue(dwc_otg_hcd_t * hcd, DWC_ERROR("DWC OTG HCD URB Enqueue failed adding QTD. " "Error status %d\n", retval); dwc_otg_hcd_qtd_free(qtd); - } else { - qtd->qh = *ep_handle; } intr_mask.d32 = DWC_READ_REG32(&hcd->core_if->core_global_regs->gintmsk); if (!intr_mask.b.sofintr && retval == 0) { diff --git a/drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c b/drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c index e6b2a7b..b337e1b 100644 --- a/drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c +++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c @@ -946,6 +946,7 @@ int dwc_otg_hcd_qtd_add(dwc_otg_qtd_t * qtd, if (retval == 0) { DWC_CIRCLEQ_INSERT_TAIL(&((*qh)->qtd_list), qtd, qtd_list_entry); + qtd->qh = *qh; } DWC_SPINUNLOCK_IRQRESTORE(hcd->lock, flags); -- 1.9.1