On Tuesday 18 November 2008, Anton Vorontsov wrote:
> + spin_lock_irqsave(&udc->lock, flags);
> + ret = __qe_ep_queue(_ep, _req, gfp_flags);
> + spin_unlock_irqrestore(&udc->lock, flags);
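Review bot: gfp_flags is forwarded to __qe_ep_queue() between spin_lock_irqsave() and spin_unlock_irqrestore(), so a caller-supplied GFP_KERNEL must never reach an allocation inside the helper. If __qe_ep_queue() does not allocate, drop the parameter from the lock-less helper; if it does, the allocation has to be atomic regardless of what the caller passed. A comment on __qe_ep_queue() stating that it must be called with udc->lock held would also document the split between the two functions.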
Why are you passing "gfp_flags"? Especially without
checking ... GFP_KERNEL will be illegal
The call chain is this:
qe_udc_irq() <- grabs the udc->lock spinlock
rx_irq()
qe_ep0_rx()
ep0_setup_handle()
setup_received_handle()
ch9getstatus()
qe_ep_queue() <- tries to grab the udc->lock again
It seems unsafe to temporarily drop the lock in ch9getstatus(),
so to fix that bug the lock-le