UPSTREAM: usb: dwc2: host: fix use of qtd after free in desc dma mode
When completing non isoc xfer, dwc2_complete_non_isoc_xfer_ddma()
is relying on qtd->n_desc to process the corresponding number of
descriptors.
During the processing of these descriptors, qtd could be unlinked
and freed if xfer is done and urb is no more in progress.
In this case, dwc2_complete_non_isoc_xfer_ddma() will read again
qtd->n_desc whereas qtd has been freed. This will lead to unpredictable
results since qtd->n_desc is no more valid value.
To avoid this error, return a result != 0 in dwc2_process_non_isoc_desc(),
so that dwc2_complete_non_isoc_xfer_ddma() stops desc processing.
This has been seen with Slub debug enabled.
Change-Id: I375ddf56fbf4b4e19610d24891491868872d0e84
Acked-by: John Youn <johnyoun@synopsys.com>
Signed-off-by: Gregory Herrero <gregory.herrero@intel.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit
26a19ea699060fded98257e65b0ae5272a5ea1da)
projects / firefly-linux-kernel-4.4.55.git / commit