Commit 8ccef0df authored by Alan Stern's avatar Alan Stern Committed by Greg Kroah-Hartman

USB: Fix off-by-1 error in the scatter-gather library

The loop in usb_sg_wait() is structured in a way that makes it hard to
tell, when the loop exits, whether or not the last URB submission
succeeded.  This patch (as928) changes it from a "for" loop to a
"while" loop and keeps "i" always equal to the number of successful
submissions.  This fixes an off-by-one error which can show up when
the first URB submission fails.

The patch also removes a couple of lines that initialize fields which
don't need to be initialized.
Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent cfa59dab
...@@ -404,8 +404,6 @@ int usb_sg_init ( ...@@ -404,8 +404,6 @@ int usb_sg_init (
io->urbs [i]->complete = sg_complete; io->urbs [i]->complete = sg_complete;
io->urbs [i]->context = io; io->urbs [i]->context = io;
io->urbs [i]->status = -EINPROGRESS;
io->urbs [i]->actual_length = 0;
/* /*
* Some systems need to revert to PIO when DMA is temporarily * Some systems need to revert to PIO when DMA is temporarily
...@@ -499,7 +497,8 @@ void usb_sg_wait (struct usb_sg_request *io) ...@@ -499,7 +497,8 @@ void usb_sg_wait (struct usb_sg_request *io)
/* queue the urbs. */ /* queue the urbs. */
spin_lock_irq (&io->lock); spin_lock_irq (&io->lock);
for (i = 0; i < entries && !io->status; i++) { i = 0;
while (i < entries && !io->status) {
int retval; int retval;
io->urbs [i]->dev = io->dev; io->urbs [i]->dev = io->dev;
...@@ -516,7 +515,6 @@ void usb_sg_wait (struct usb_sg_request *io) ...@@ -516,7 +515,6 @@ void usb_sg_wait (struct usb_sg_request *io)
case -ENOMEM: case -ENOMEM:
io->urbs[i]->dev = NULL; io->urbs[i]->dev = NULL;
retval = 0; retval = 0;
i--;
yield (); yield ();
break; break;
...@@ -527,6 +525,7 @@ void usb_sg_wait (struct usb_sg_request *io) ...@@ -527,6 +525,7 @@ void usb_sg_wait (struct usb_sg_request *io)
* URBs are queued at once; N milliseconds? * URBs are queued at once; N milliseconds?
*/ */
case 0: case 0:
++i;
cpu_relax (); cpu_relax ();
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment