Hi,
this should fix:
4) try_module_get() is called with unprotected pointers
Please test. This is incremental to #1.
Regards
Oliver
--- a/drivers/usb/serial/usb-serial.c 2007-01-02 10:44:39.000000000 +0100
+++ b/drivers/usb/serial/usb-serial.c 2007-01-02 11:09:37.000000000 +0100
@@ -654,14 +654,17 @@
int num_ports = 0;
int max_endpoints;
+ lock_kernel(); /* guard against unloading a serial driver module */
type = search_serial_device(interface);
if (!type) {
+ unlock_kernel();
dbg("none matched");
return -ENODEV;
}
serial = create_serial (dev, interface, type);
if (!serial) {
+ unlock_kernel();
dev_err(&interface->dev, "%s - out of memory\n", __FUNCTION__);
return -ENOMEM;
}
@@ -671,6 +674,7 @@
const struct usb_device_id *id;
if (!try_module_get(type->driver.owner)) {
+ unlock_kernel();
dev_err(&interface->dev, "module get failed, exiting\n");
kfree (serial);
return -EIO;
@@ -681,6 +685,7 @@
module_put(type->driver.owner);
if (retval) {
+ unlock_kernel();
dbg ("sub driver rejected device");
kfree (serial);
return retval;
@@ -750,6 +755,7 @@
* properly during a later invocation of usb_serial_probe
*/
if (num_bulk_in == 0 || num_bulk_out == 0) {
+ unlock_kernel();
dev_info(&interface->dev, "PL-2303 hack: descriptors matched but endpoints did not\n");
kfree (serial);
return -ENODEV;
@@ -765,6 +771,7 @@
if (type == &usb_serial_generic_device) {
num_ports = num_bulk_out;
if (num_ports == 0) {
+ unlock_kernel();
dev_err(&interface->dev, "Generic device with no bulk out, not allowed.\n");
kfree (serial);
return -EIO;
@@ -775,6 +782,7 @@
/* if this device type has a calc_num_ports function, call it */
if (type->calc_num_ports) {
if (!try_module_get(type->driver.owner)) {
+ unlock_kernel();
dev_err(&interface->dev, "module get failed, exiting\n");
kfree (serial);
return -EIO;
@@ -800,6 +808,8 @@
max_endpoints = max(max_endpoints, num_interrupt_out);
max_endpoints = max(max_endpoints, (int)serial->num_ports);
serial->num_port_pointers = max_endpoints;
+ unlock_kernel();
+
dbg("%s - setting up %d port structures for this device", __FUNCTION__, max_endpoints);
for (i = 0; i < max_endpoints; ++i) {
port = kzalloc(sizeof(struct usb_serial_port), GFP_KERNEL);
@@ -1156,7 +1166,7 @@
set_to_generic_if_null(device, shutdown);
}
-int usb_serial_register(struct usb_serial_driver *driver)
+int usb_serial_register(struct usb_serial_driver *driver) /* must be called with BKL held */
{
int retval;
@@ -1180,7 +1190,7 @@
}
-void usb_serial_deregister(struct usb_serial_driver *device)
+void usb_serial_deregister(struct usb_serial_driver *device) /* must be called with BKL held */
{
info("USB Serial deregistering driver %s", device->description);
list_del(&device->driver_list);
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
