From a2fd814e6a9e172f7077b68a2a9391bbde777a92 Mon Sep 17 00:00:00 2001 From: Sergei Shtylyov Date: Sat, 21 Feb 2009 15:30:45 -0800 Subject: USB: musb: fix urb_dequeue() method The urb_dequeue() method forgets to unlink 'struct musb_qh' from the control or bulk schedules when the URB being cancelled is the only one queued to its endpoint. That will cause musb_advance_schedule() to block once it reaches 'struct musb_qh' with now empty URB list, so URBs queued for other endpoints after the one being dequeued will not be served. Fix by unlinking the QH from the list except when it's already being handled (typically by musb_giveback). Since a QH with an empty URB list is now supposed to be freed, do that. And remove a now-useless check from musb_advance_schedule(). [ dbrownell@users.sourceforge.net: update patch description, and fold in a dequeue() comment patch ] Signed-off-by: Sergei Shtylyov Signed-off-by: David Brownell Cc: Felipe Balbi Signed-off-by: Greg Kroah-Hartman --- drivers/usb/musb/musb_host.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c index b47ca948bcf..e32323938e9 100644 --- a/drivers/usb/musb/musb_host.c +++ b/drivers/usb/musb/musb_host.c @@ -432,7 +432,7 @@ musb_advance_schedule(struct musb *musb, struct urb *urb, else qh = musb_giveback(qh, urb, urb->status); - if (qh && qh->is_ready && !list_empty(&qh->hep->urb_list)) { + if (qh != NULL && qh->is_ready) { DBG(4, "... next ep%d %cX urb %p\n", hw_ep->epnum, is_in ? 'R' : 'T', next_urb(qh)); @@ -2038,9 +2038,9 @@ static int musb_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) goto done; /* Any URB not actively programmed into endpoint hardware can be - * immediately given back. Such an URB must be at the head of its + * immediately given back; that's any URB not at the head of an * endpoint queue, unless someday we get real DMA queues. And even - * then, it might not be known to the hardware... + * if it's at the head, it might not be known to the hardware... * * Otherwise abort current transfer, pending dma, etc.; urb->status * has already been updated. This is a synchronous abort; it'd be @@ -2079,6 +2079,15 @@ static int musb_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) qh->is_ready = 0; __musb_giveback(musb, urb, 0); qh->is_ready = ready; + + /* If nothing else (usually musb_giveback) is using it + * and its URB list has emptied, recycle this qh. + */ + if (ready && list_empty(&qh->hep->urb_list)) { + qh->hep->hcpriv = NULL; + list_del(&qh->ring); + kfree(qh); + } } else ret = musb_cleanup_urb(urb, qh, urb->pipe & USB_DIR_IN); done: -- cgit v1.2.3