Hi,
there's a race condition between close and disconnect in that driver
leading to a possible double kfree(). It can be prevented by use of a
semaphore.
Regards
Oliver
You can import this changeset into BK by piping this whole message to:
'| bk receive [path to repository]' or apply the patch as usual.
===================================================================
[EMAIL PROTECTED], 2004-03-18 18:08:35+01:00, [EMAIL PROTECTED]
- fix disconnect race
ati_remote.c | 21 ++++++++++++++++++---
1 files changed, 18 insertions(+), 3 deletions(-)
diff -Nru a/drivers/usb/input/ati_remote.c b/drivers/usb/input/ati_remote.c
--- a/drivers/usb/input/ati_remote.c Thu Mar 18 18:09:18 2004
+++ b/drivers/usb/input/ati_remote.c Thu Mar 18 18:09:18 2004
@@ -139,6 +139,9 @@
*/
#define FILTER_TIME (HZ >> 4)
+/* to protect disconnect and open/close */
+static DECLARE_MUTEX(ati_disc_open_lock);
+
struct ati_remote {
struct input_dev idev;
struct usb_device *udev;
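Review bot: The comment on `ati_disc_open_lock` does not say which state the lock guards, nor why it is file-scope rather than a member of `struct ati_remote`. In the close and disconnect hunks `up()` runs after `ati_remote_delete()`, which presumably frees the structure (the description speaks of a double kfree()), so the lock has to outlive the object. Moving it into the struct later would turn the unlock into a use-after-free. I would spell that out, e.g. `/* Serializes open/close against disconnect: guards ->open, ->present and the final ati_remote_delete(). Kept at file scope because it is released after the struct may have been freed. */`. A single lock also serializes every device bound to this driver, which looks acceptable for these paths.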
@@ -301,9 +304,11 @@
static int ati_remote_open(struct input_dev *inputdev)
{
struct ati_remote *ati_remote = inputdev->private;
+ int rv = 0;
+ down(&ati_disc_open_lock);
if (ati_remote->open++)
- return 0;
+ goto finish;
/* On first open, submit the read urb which was set up previously. */
ati_remote->irq_urb->dev = ati_remote->udev;
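Review bot: `ati_remote_open()` now counts `open` under the lock but never looks at `present`, so an open arriving after disconnect has marked the device unplugged would still bump the count and return 0. Whether the input core can still call open at that point is not visible here, but the check is cheap once the lock is held: `if (!ati_remote->present) { rv = -ENODEV; goto finish; }` right after `down()`. It only helps while another opener keeps the structure alive; it cannot protect a call made after the final delete. The `finish:` label and the rest of the function are in the next hunk.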
@@ -311,10 +316,13 @@
dev_err(&ati_remote->interface->dev,
"%s: usb_submit_urb failed!\n", __FUNCTION__);
ati_remote->open--;
- return -EIO;
+ rv = -EIO;
}
- return 0;
+finish:
+ up(&ati_disc_open_lock);
+
+ return rv;
}
/*
@@ -329,6 +337,8 @@
return;
}
+ /* mutual exclusion to disconnect */
+ down(&ati_disc_open_lock);
if (ati_remote->open <= 0)
dev_dbg(&ati_remote->interface->dev, "%s: Not open.\n", __FUNCTION__);
else
@@ -337,6 +347,8 @@
/* If still present, disconnect will call delete. */
if (!ati_remote->present && !ati_remote->open)
ati_remote_delete(ati_remote);
+
+ up(&ati_disc_open_lock);
}
/*
@@ -805,12 +817,15 @@
input_unregister_device(&ati_remote->idev);
+ down(&ati_disc_open_lock);
/* Mark device as unplugged */
ati_remote->present = 0;
/* If device is still open, ati_remote_close will call delete. */
if (!ati_remote->open)
ati_remote_delete(ati_remote);
+
+ up(&ati_disc_open_lock);
}
/*
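Review bot: Nothing explains why `down()` comes after `input_unregister_device()` rather than at the top of the disconnect path. If unregistering can call back into `ati_remote_close()`, which takes the same semaphore, then taking the lock earlier would self-deadlock, and a later cleanup could easily reorder these two lines. A comment such as `/* Lock only after unregistering: that may call ati_remote_close(), which takes this lock. */` above the `down()` would record the constraint; please confirm that is the reason. The start of the disconnect function is outside the hunk.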
===================================================================
This BitKeeper patch contains the following changesets:
1.1182
## Wrapped with gzip_uu ##
begin 664 bkpatch6241
M'XL(`+[764```[55?VO;,!#]V_H4!X71M<269/E'7#*ZM6$+VVCI6ABL(ZBV
M$IO:4I#DM`-_^,D.=-UHTVZLMD%&=_?NW=/#WH$+(W3FJ;I:"XUVX(,R-O/<
M>],[EMAIL PROTECTED]<*Z%,$%=R=:,J!\AEW7*;5Z""YK,
M(WYXMV-_K$3FG4W?7WQZ>X;09`)')9=+\458F$R057K-Z\(<<EO62OI6<VD:
M8;F?JZ:[2^THQM3=$4E"',4=B3%+NIP4A'!&1($I2V.&-O0.'YCC=RB&0Y*2
MB(YITD4)B6-T#,0G)[EMAIL PROTECTED]@RG61CM8Y)A#(]#PSZ!$4;OX/_.<H1R
M&,&BNH6B,KF24N06-,\%^@@]YPB=_I([EMAIL PROTECTED]
MORVU6'[O"MW/:X+67`657+4VX+:::]$H*_Q\([EMAIL PROTECTED];LQ8,;X2
M?,P6+.%BBV;/@N_/*,&[EMAIL PROTECTED]"PN+!/-OK!D>]X$3;#/;<B9SK2-K1&"=T<%W\
MI^7HLRR7PBA\(<]5TFI5M+D`#D8T?%4J+5PG6&FQ%M*Z[=Z'<"7LC1#ROC^Y
M+$"MA`SR6IG!J</)G<!(WPR/<][I$X?X#UZ>[EMAIL PROTECTED],'>AJ6#<5P>I05[`3+6
MM<SA>'KD/DO3^>>+\^G7W9Y%7S7O<^>URJ]?'Z!+-`MQ"`1Y3A?0:[EMAIL PROTECTED]/NCW
M6+]7J!NY^^K!PN,0QRYEMED\;ZD<N44E*U/V0<*&X+!XWH`[FLY.AE"R"27`
[EMAIL PROTECTED]>J3/)?*TL*V6CEQ/+"1`D>>T:%K;\AK$;5ZWIE*R%^>>*$Z%+?2]
M'FG<(VUI/4MQ\H0*LY2$/<HVF+N?15Z*_-JTS61,DBN14H9^`KF_F;[EMAIL PROTECTED]
`
end