aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOliver Neukum <oliver@neukum.org>2009-02-12 07:17:52 -0500
committerJiri Kosina <jkosina@suse.cz>2009-03-30 09:12:52 -0400
commite43bd67d721bccbfe144c0b586b0ab3a2a157968 (patch)
tree89e8209365c30266166f0155cccc8a80d41922ea
parent6f4303fb2ec68055e793b84887a7ae0f9ea7cc2d (diff)
HID: fix race between usb_register_dev() and hiddev_open()
upon further thought this code is still racy. retval = usb_register_dev(usbhid->intf, &hiddev_class); here you open a window during which open can happen if (retval) { err_hid("Not able to get a minor for this device."); hid->hiddev = NULL; kfree(hiddev); return -1; } else { hid->minor = usbhid->intf->minor; hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev; and will fail because hiddev_table hasn't been updated The obvious fix of using a mutex to guard hiddev_table doesn't work because usb_open() and usb_register_dev() take minor_rwsem and we'd have an AB-BA deadlock. We need a lock usb_open() also takes in the right order and that leaves only one option, BKL. I don't like it but I see no alternative. Once the usb_open() implements something better than lock_kernel(), we could also do so. Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat
-rw-r--r--drivers/hid/usbhid/hiddev.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
index aa214170baf4..93dcb7e29102 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -875,16 +875,21 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
875 hiddev->hid = hid; 875 hiddev->hid = hid;
876 hiddev->exist = 1; 876 hiddev->exist = 1;
877 877
878 /* when lock_kernel() usage is fixed in usb_open(),
879 * we could also fix it here */
880 lock_kernel();
878 retval = usb_register_dev(usbhid->intf, &hiddev_class); 881 retval = usb_register_dev(usbhid->intf, &hiddev_class);
879 if (retval) { 882 if (retval) {
880 err_hid("Not able to get a minor for this device."); 883 err_hid("Not able to get a minor for this device.");
881 hid->hiddev = NULL; 884 hid->hiddev = NULL;
885 unlock_kernel();
882 kfree(hiddev); 886 kfree(hiddev);
883 return -1; 887 return -1;
884 } else { 888 } else {
885 hid->minor = usbhid->intf->minor; 889 hid->minor = usbhid->intf->minor;
886 hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev; 890 hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev;
887 } 891 }
892 unlock_kernel();
888 893
889 return 0; 894 return 0;
890} 895}
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-10 01:32:03 -0500