Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 309692 Details for
Bug 450786
[Stratus 5.3 bug] kernel NULL pointer dereference at usbdev_read
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Same as before, but with locks
linux-2.6.18-81.el5-450786-04.diff (text/plain), 3.99 KB, created by
Pete Zaitcev
on 2008-06-18 05:13:42 UTC
(
hide
)
Description:
Same as before, but with locks
Filename:
MIME Type:
Creator:
Pete Zaitcev
Created:
2008-06-18 05:13:42 UTC
Size:
3.99 KB
patch
obsolete
>Same as 03, only with actual locking. > >diff -urp -X dontdiff linux-2.6.18-81.el5/drivers/usb/core/devio.c linux-2.6.18-81.el5-e1/drivers/usb/core/devio.c >--- linux-2.6.18-81.el5/drivers/usb/core/devio.c 2008-02-22 18:30:23.000000000 -0800 >+++ linux-2.6.18-81.el5-e1/drivers/usb/core/devio.c 2008-06-17 21:45:15.000000000 -0700 >@@ -532,6 +532,8 @@ static struct usb_device *usbdev_lookup_ > } > up(&usb_device_class->sem); > >+ if (dev->class_dev == NULL) >+ dev = NULL; > return dev; > }; > >@@ -1579,20 +1581,50 @@ struct file_operations usbfs_device_file > .release = usbdev_release, > }; > >+void usb_fs_classdev_common_remove(struct usb_device *udev) >+{ >+ struct dev_state *ps; >+ struct siginfo sinfo; >+ >+ while (!list_empty(&udev->filelist)) { >+ ps = list_entry(udev->filelist.next, struct dev_state, list); >+ wake_up_all(&ps->wait); >+ list_del_init(&ps->list); >+ if (ps->discsignr) { >+ sinfo.si_signo = ps->discsignr; >+ sinfo.si_errno = EPIPE; >+ sinfo.si_code = SI_ASYNCIO; >+ sinfo.si_addr = ps->disccontext; >+ kill_proc_info_as_uid(ps->discsignr, &sinfo, >+ ps->disc_pid, ps->disc_uid, >+ ps->disc_euid, ps->secid); >+ } >+ } >+} >+ > static void usbdev_add(struct usb_device *dev) > { > int minor = ((dev->bus->busnum-1) * 128) + (dev->devnum-1); >+ struct class_device *cl_dev; > >- dev->class_dev = class_device_create(usb_device_class, NULL, >+ mutex_lock(&usbfs_mutex); >+ cl_dev = class_device_create(usb_device_class, NULL, > MKDEV(USB_DEVICE_MAJOR, minor), &dev->dev, > "usbdev%d.%d", dev->bus->busnum, dev->devnum); >- >- dev->class_dev->class_data = dev; >+ if (!IS_ERR(cl_dev)) { >+ cl_dev->class_data = dev; >+ dev->class_dev = cl_dev; >+ } >+ mutex_unlock(&usbfs_mutex); > } > > static void usbdev_remove(struct usb_device *dev) > { >- class_device_unregister(dev->class_dev); >+ mutex_lock(&usbfs_mutex); >+ if (dev->class_dev) >+ class_device_unregister(dev->class_dev); >+ usb_fs_classdev_common_remove(dev); >+ mutex_unlock(&usbfs_mutex); > } > > static int usbdev_notify(struct notifier_block *self, unsigned long action, >diff -urp -X dontdiff linux-2.6.18-81.el5/drivers/usb/core/inode.c linux-2.6.18-81.el5-e1/drivers/usb/core/inode.c >--- linux-2.6.18-81.el5/drivers/usb/core/inode.c 2008-02-22 18:29:44.000000000 -0800 >+++ linux-2.6.18-81.el5-e1/drivers/usb/core/inode.c 2008-06-17 21:44:01.000000000 -0700 >@@ -43,6 +43,8 @@ > #include "usb.h" > #include "hcd.h" > >+extern struct mutex usbfs_mutex; >+ > static struct super_operations usbfs_ops; > static struct file_operations default_file_operations; > static struct vfsmount *usbfs_mount; >@@ -682,25 +684,13 @@ static void usbfs_add_device(struct usb_ > > static void usbfs_remove_device(struct usb_device *dev) > { >- struct dev_state *ds; >- struct siginfo sinfo; >- >+ mutex_lock(&usbfs_mutex); > if (dev->usbfs_dentry) { > fs_remove_file (dev->usbfs_dentry); > dev->usbfs_dentry = NULL; > } >- while (!list_empty(&dev->filelist)) { >- ds = list_entry(dev->filelist.next, struct dev_state, list); >- wake_up_all(&ds->wait); >- list_del_init(&ds->list); >- if (ds->discsignr) { >- sinfo.si_signo = ds->discsignr; >- sinfo.si_errno = EPIPE; >- sinfo.si_code = SI_ASYNCIO; >- sinfo.si_addr = ds->disccontext; >- kill_proc_info_as_uid(ds->discsignr, &sinfo, ds->disc_pid, ds->disc_uid, ds->disc_euid, ds->secid); >- } >- } >+ usb_fs_classdev_common_remove(dev); >+ mutex_unlock(&usbfs_mutex); > } > > static int usbfs_notify(struct notifier_block *self, unsigned long action, void *dev) >diff -urp -X dontdiff linux-2.6.18-81.el5/drivers/usb/core/usb.h linux-2.6.18-81.el5-e1/drivers/usb/core/usb.h >--- linux-2.6.18-81.el5/drivers/usb/core/usb.h 2008-02-22 18:29:35.000000000 -0800 >+++ linux-2.6.18-81.el5-e1/drivers/usb/core/usb.h 2008-06-17 21:48:30.000000000 -0700 >@@ -64,6 +64,7 @@ extern struct usb_driver usbfs_driver; > extern struct file_operations usbfs_devices_fops; > extern struct file_operations usbfs_device_file_operations; > extern void usbfs_conn_disc_event(void); >+extern void usb_fs_classdev_common_remove(struct usb_device *udev); > > extern int usbdev_init(void); > extern void usbdev_cleanup(void);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=309692">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 450786
:
308923
|
309101
|
309120
|
309142
|
309305
|
309692
|
310292
|
312710
|
312722
|
313707
|
313771