USB: fix USB boot crash, ecm_do_notify(), list_add corruption. prev->next should...
authorDavid Brownell <dbrownell@users.sourceforge.net>
Sat, 26 Jul 2008 15:06:24 +0000 (08:06 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Thu, 14 Aug 2008 00:32:47 +0000 (17:32 -0700)
This fixes a BUG() turned up by Ingo via randconfig testing, where
CONFIG_LIST_DEBUG turned up list corruption.  The corruption was
caused by the dummy_hcd (single-machine test harness for gadget and
HCD code) trashing the request queue when driven by the new CDC
composite gadget an I/O pattern that was previously uncommon.
Fix suggested by Alan Stern.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/usb/gadget/dummy_hcd.c

index 21d1406af9ee04f8e07d3afe0b073fd6df02bdaf..7600a0c787532fab60362fa9c912f7e702a8fcaa 100644 (file)
@@ -542,13 +542,14 @@ dummy_queue (struct usb_ep *_ep, struct usb_request *_req,
                req->req.context = dum;
                req->req.complete = fifo_complete;
 
+               list_add_tail(&req->queue, &ep->queue);
                spin_unlock (&dum->lock);
                _req->actual = _req->length;
                _req->status = 0;
                _req->complete (_ep, _req);
                spin_lock (&dum->lock);
-       }
-       list_add_tail (&req->queue, &ep->queue);
+       }  else
+               list_add_tail(&req->queue, &ep->queue);
        spin_unlock_irqrestore (&dum->lock, flags);
 
        /* real hardware would likely enable transfers here, in case