From 9191eee7b8a0e18c07c06d6da502706805cab6d2 Mon Sep 17 00:00:00 2001 From: Sarah Sharp Date: Thu, 27 Aug 2009 14:36:14 -0700 Subject: [PATCH] USB: xhci: Don't touch xhci_td after it's freed. On a successful transfer, urb->td is freed before the URB is ready to be given back to the driver. Don't touch urb->td after it's freed. This bug would have only shown up when xHCI debugging was turned on, and the freed memory was quickly reused for something else. Signed-off-by: Sarah Sharp Cc: stable Signed-off-by: Greg Kroah-Hartman --- drivers/usb/host/xhci-ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 2eadf06..4142c04 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1193,7 +1193,7 @@ cleanup: if (urb) { usb_hcd_unlink_urb_from_ep(xhci_to_hcd(xhci), urb); xhci_dbg(xhci, "Giveback URB %p, len = %d, status = %d\n", - urb, td->urb->actual_length, status); + urb, urb->actual_length, status); spin_unlock(&xhci->lock); usb_hcd_giveback_urb(xhci_to_hcd(xhci), urb, status); spin_lock(&xhci->lock); -- 1.8.2.3