aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/usb/core/devio.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/usb/core/devio.c')
-rw-r--r--drivers/usb/core/devio.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index b4265aa7d45e..487ff672b104 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -30,6 +30,8 @@
30 * Revision history 30 * Revision history
31 * 22.12.1999 0.1 Initial release (split from proc_usb.c) 31 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
32 * 04.01.2000 0.2 Turned into its own filesystem 32 * 04.01.2000 0.2 Turned into its own filesystem
33 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
34 * (CAN-2005-3055)
33 */ 35 */
34 36
35/*****************************************************************************/ 37/*****************************************************************************/
@@ -58,7 +60,8 @@ static struct class *usb_device_class;
58struct async { 60struct async {
59 struct list_head asynclist; 61 struct list_head asynclist;
60 struct dev_state *ps; 62 struct dev_state *ps;
61 struct task_struct *task; 63 pid_t pid;
64 uid_t uid, euid;
62 unsigned int signr; 65 unsigned int signr;
63 unsigned int ifnum; 66 unsigned int ifnum;
64 void __user *userbuffer; 67 void __user *userbuffer;
@@ -290,7 +293,8 @@ static void async_completed(struct urb *urb, struct pt_regs *regs)
290 sinfo.si_errno = as->urb->status; 293 sinfo.si_errno = as->urb->status;
291 sinfo.si_code = SI_ASYNCIO; 294 sinfo.si_code = SI_ASYNCIO;
292 sinfo.si_addr = as->userurb; 295 sinfo.si_addr = as->userurb;
293 send_sig_info(as->signr, &sinfo, as->task); 296 kill_proc_info_as_uid(as->signr, &sinfo, as->pid, as->uid,
297 as->euid);
294 } 298 }
295 wake_up(&ps->wait); 299 wake_up(&ps->wait);
296} 300}
@@ -526,7 +530,9 @@ static int usbdev_open(struct inode *inode, struct file *file)
526 INIT_LIST_HEAD(&ps->async_completed); 530 INIT_LIST_HEAD(&ps->async_completed);
527 init_waitqueue_head(&ps->wait); 531 init_waitqueue_head(&ps->wait);
528 ps->discsignr = 0; 532 ps->discsignr = 0;
529 ps->disctask = current; 533 ps->disc_pid = current->pid;
534 ps->disc_uid = current->uid;
535 ps->disc_euid = current->euid;
530 ps->disccontext = NULL; 536 ps->disccontext = NULL;
531 ps->ifclaimed = 0; 537 ps->ifclaimed = 0;
532 wmb(); 538 wmb();
@@ -988,7 +994,9 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
988 as->userbuffer = NULL; 994 as->userbuffer = NULL;
989 as->signr = uurb->signr; 995 as->signr = uurb->signr;
990 as->ifnum = ifnum; 996 as->ifnum = ifnum;
991 as->task = current; 997 as->pid = current->pid;
998 as->uid = current->uid;
999 as->euid = current->euid;
992 if (!(uurb->endpoint & USB_DIR_IN)) { 1000 if (!(uurb->endpoint & USB_DIR_IN)) {
993 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, as->urb->transfer_buffer_length)) { 1001 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, as->urb->transfer_buffer_length)) {
994 free_async(as); 1002 free_async(as);
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-16 21:50:51 -0500