| commit | 87d8d621cdd1c47d0dc19118081412d3f8178e72 | |
| author | Huajun Li <huajun.li.lee@gmail.com> | |
| Fri, 18 May 2012 12:12:51 +0000 (18 20:12 +0800) | ||
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| Fri, 1 Jun 2012 07:12:57 +0000 (1 15:12 +0800) | ||
| tree | bdd07621614e45a0b56927507e26af3619bba145 | treesnapshot (tar.gz zip) |
| parent | 2960d811d562540494c83b96e4ae4b6b11196016 | commitdiff |
USB: Remove races in devio.c
commit 4e09dcf20f7b5358615514c2ec8584b248ab8874 upstream.
There exist races in devio.c, below is one case,
and there are similar races in destroy_async()
and proc_unlinkurb(). Remove these races.
cancel_bulk_urbs() async_completed()
------------------- -----------------------
spin_unlock(&ps->lock);
list_move_tail(&as->asynclist,
&ps->async_completed);
wake_up(&ps->wait);
Lead to free_async() be triggered,
then urb and 'as' will be freed.
usb_unlink_urb(as->urb);
===> refer to the freed 'as'
Signed-off-by: Huajun Li <huajun.li.lee@gmail.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Oncaphillis <oncaphillis@snafu.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4e09dcf20f7b5358615514c2ec8584b248ab8874 upstream.
There exist races in devio.c, below is one case,
and there are similar races in destroy_async()
and proc_unlinkurb(). Remove these races.
cancel_bulk_urbs() async_completed()
------------------- -----------------------
spin_unlock(&ps->lock);
list_move_tail(&as->asynclist,
&ps->async_completed);
wake_up(&ps->wait);
Lead to free_async() be triggered,
then urb and 'as' will be freed.
usb_unlink_urb(as->urb);
===> refer to the freed 'as'
Signed-off-by: Huajun Li <huajun.li.lee@gmail.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Oncaphillis <oncaphillis@snafu.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| drivers/usb/core/devio.c | diffblobblamehistory |