When pannic occurs,
PC is at dwc_otg_hcd_urb_enqueue+0x118/0x184
LR is at dwc_otg_hcd_urb_enqueue+0xf4/0x184
There may be more than one threads running function
dwc_otg_hcd_urb_enqueue().So we should use a spinlock to protect the
dwc_otg_qh_t struct against a use-after-free bug.
DWC_ERROR("DWC OTG HCD URB Enqueue failed creating QTD\n");
return -DWC_E_NO_MEMORY;
}
-
+ DWC_SPINLOCK_IRQSAVE(hcd->lock, &flags);
retval =
dwc_otg_hcd_qtd_add(qtd, hcd, (dwc_otg_qh_t **) ep_handle,
atomic_alloc);
- DWC_SPINLOCK_IRQSAVE(hcd->lock, &flags);
if (retval < 0) {
DWC_ERROR("DWC OTG HCD URB Enqueue failed adding QTD. "
"Error status %d\n", retval);
int atomic_alloc)
{
int retval = 0;
- dwc_irqflags_t flags;
dwc_otg_hcd_urb_t *urb = qtd->urb;
}
}
qtd->qh = *qh;
- DWC_SPINLOCK_IRQSAVE(hcd->lock, &flags);
retval = dwc_otg_hcd_qh_add(hcd, *qh);
if (retval == 0) {
DWC_CIRCLEQ_INSERT_TAIL(&((*qh)->qtd_list), qtd,
qtd_list_entry);
}
- DWC_SPINUNLOCK_IRQRESTORE(hcd->lock, flags);
done:
projects / firefly-linux-kernel-4.4.55.git / commitdiff