HID: fix race between open() and disconnect() in usbhid - kernel

diff options

author	Oliver Neukum <[email protected]>	2008-03-31 14:27:30 +0000
committer	Jiri Kosina <[email protected]>	2008-04-22 09:34:58 +0000
commit	69626f23bce6521367ac1e6a2a6e8fba8f0a848a (patch)
tree	46342a02c79e0e69a1c1eed1239944c4f952b13c /net/unix/af_unix.c
parent	HID: make hid_input_field and usbhid_modify_dquirk static (diff)
download	kernel-69626f23bce6521367ac1e6a2a6e8fba8f0a848a.tar.gz kernel-69626f23bce6521367ac1e6a2a6e8fba8f0a848a.zip

HID: fix race between open() and disconnect() in usbhid

There is a window: task A task B spin_lock_irq(&usbhid->inlock); /* Sync with error handler */ usb_set_intfdata(intf, NULL); spin_unlock_irq(&usbhid->inlock); usb_kill_urb(usbhid->urbin); usb_kill_urb(usbhid->urbout); usb_kill_urb(usbhid->urbctrl); del_timer_sync(&usbhid->io_retry); cancel_work_sync(&usbhid->reset_work); if (!hid->open++) { res = usb_autopm_get_interface(usbhid->intf); if (res < 0) { hid->open--; return -EIO; } } if (hid_start_in(hid)) if (hid->claimed & HID_CLAIMED_INPUT) hidinput_disconnect(hid); in which an open() to an already disconnected device will submit an URB to an undead device. In case disconnect() was called by an ioctl, this'll oops. Fix by introducing a new flag and checking it in hid_start_in(). Signed-off-by: Oliver Neukum <[email protected]> Signed-off-by: Jiri Kosina <[email protected]>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: