On Fri, Apr 27, 2007 at 10:49:32PM +0100, Alan Cox wrote: (please CC: me on patches that I submitted, I missed this...)
> Unless there is something I'm missing most of these patches seem totally > unsafe. Hm, no, they were using a lock that was never being used by the core, thereby protecting nothing. > > --- a/drivers/usb/core/devices.c > > +++ b/drivers/usb/core/devices.c > > @@ -246,7 +246,6 @@ static char *usb_dump_interface_descriptor(char *start, > > char *end, > > > > if (start > end) > > return start; > > - down_read(&usb_bus_type.subsys.rwsem); > > if (iface) { > > driver_name = (iface->dev.driver > > ? iface->dev.driver->name > > iface->dev.driver can now become NULL during the evaluation above All of the USB stuff is already covered by a different lock, see the linux-usb-devel list for when I originally proposed this patch (also CC:ed to verify I didn't miss anything...) > > @@ -444,8 +441,6 @@ static int releaseintf(struct dev_state *ps, unsigned > > int ifnum) > > if (ifnum >= 8*sizeof(ps->ifclaimed)) > > return err; > > dev = ps->dev; > > - /* lock against other changes to driver bindings */ > > - down_write(&usb_bus_type.subsys.rwsem); > > intf = usb_ifnum_to_if(dev, ifnum); > > if (!intf) > > err = -ENOENT; > > @@ -453,7 +448,6 @@ static int releaseintf(struct dev_state *ps, unsigned > > int ifnum) > > usb_driver_release_interface(&usbfs_driver, intf); > > Which takes iface->dev.driver to NULL > > > err = 0; > > } > > - up_write(&usb_bus_type.subsys.rwsem); > > return err; > > } > > > > @@ -813,7 +807,6 @@ static int proc_getdriver(struct dev_state *ps, void > > __user *arg) > > > > if (copy_from_user(&gd, arg, sizeof(gd))) > > return -EFAULT; > > - down_read(&usb_bus_type.subsys.rwsem); > > intf = usb_ifnum_to_if(ps->dev, gd.interface); > > if (!intf || !intf->dev.driver) > > ret = -ENODATA; > > Ditto ... thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/