USB: ehci potential oops fix on ARC/TDI cores
authorDavid Brownell <david-b@pacbell.net>
Wed, 19 Dec 2007 19:30:39 +0000 (11:30 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 1 Feb 2008 22:34:58 +0000 (14:34 -0800)
Kernel bugzilla entry #9569 reports a potential OOPS in some code
supporting the integrated root hub TT support used on ARC/TDI
derived cores.  (This seems to have been a longstanding issue.)

This patch cleans up usage of urb->dev->tt to avoid that potential
oops and also fixes some overly long lines.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/usb/host/ehci-q.c

index 853e5e6396a5ea72f6cae3cfcfd669fed046bc08..776a97f33914e05511bc85dcdced2b4febe6a89b 100644 (file)
@@ -198,7 +198,8 @@ static int qtd_copy_status (
 
                /* if async CSPLIT failed, try cleaning out the TT buffer */
                if (status != -EPIPE
-                               && urb->dev->tt && !usb_pipeint (urb->pipe)
+                               && urb->dev->tt
+                               && !usb_pipeint(urb->pipe)
                                && ((token & QTD_STS_MMF) != 0
                                        || QTD_CERR(token) == 0)
                                && (!ehci_is_TDI(ehci)
@@ -211,6 +212,9 @@ static int qtd_copy_status (
                                urb->dev->ttport, urb->dev->devnum,
                                usb_pipeendpoint (urb->pipe), token);
 #endif /* DEBUG */
+                       /* REVISIT ARC-derived cores don't clear the root
+                        * hub TT buffer in this way...
+                        */
                        usb_hub_tt_clear_buffer (urb->dev, urb->pipe);
                }
        }
@@ -638,6 +642,7 @@ qh_make (
        u32                     info1 = 0, info2 = 0;
        int                     is_input, type;
        int                     maxp = 0;
+       struct usb_tt           *tt = urb->dev->tt;
 
        if (!qh)
                return qh;
@@ -661,8 +666,9 @@ qh_make (
         * For control/bulk requests, the HC or TT handles these.
         */
        if (type == PIPE_INTERRUPT) {
-               qh->usecs = NS_TO_US (usb_calc_bus_time (USB_SPEED_HIGH, is_input, 0,
-                               hb_mult (maxp) * max_packet (maxp)));
+               qh->usecs = NS_TO_US(usb_calc_bus_time(USB_SPEED_HIGH,
+                               is_input, 0,
+                               hb_mult(maxp) * max_packet(maxp)));
                qh->start = NO_FRAME;
 
                if (urb->dev->speed == USB_SPEED_HIGH) {
@@ -680,7 +686,6 @@ qh_make (
                                goto done;
                        }
                } else {
-                       struct usb_tt   *tt = urb->dev->tt;
                        int             think_time;
 
                        /* gap is f(FS/LS transfer times) */
@@ -736,10 +741,8 @@ qh_make (
                /* set the address of the TT; for TDI's integrated
                 * root hub tt, leave it zeroed.
                 */
-               if (!ehci_is_TDI(ehci)
-                               || urb->dev->tt->hub !=
-                                       ehci_to_hcd(ehci)->self.root_hub)
-                       info2 |= urb->dev->tt->hub->devnum << 16;
+               if (tt && tt->hub != ehci_to_hcd(ehci)->self.root_hub)
+                       info2 |= tt->hub->devnum << 16;
 
                /* NOTE:  if (PIPE_INTERRUPT) { scheduler sets c-mask } */