Commit Graph

5 Commits

Author SHA1 Message Date
Alan Stern
d4ead16f50 USB: prevent char device open/deregister race
This patch (as908) adds central protection in usbcore for the
prototypical race between opening and unregistering a char device.
The spinlock used to protect the minor-numbers array is replaced with
an rwsem, which can remain locked across a call to a driver's open()
method.  This guarantees that open() and deregister() will be mutually
exclusive.

The private locks currently used in several individual drivers for
this purpose are no longer necessary, and the patch removes them.  The
following USB drivers are affected: usblcd, idmouse, auerswald,
legousbtower, sisusbvga/sisusb, ldusb, adutux, iowarrior, and
usb-skeleton.

As a side effect of this change, usb_deregister_dev() must not be
called while holding a lock that is acquired by open().  Unfortunately
a number of drivers do this, but luckily the solution is simple: call
usb_deregister_dev() before acquiring the lock.

In addition to these changes (and their consequent code
simplifications), the patch fixes a use-after-free bug in adutux and a
race between open() and release() in iowarrior.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-07-12 16:29:48 -07:00
Oliver Neukum
fc0f8fc9be USB: memory leak in iowarrior.c
this is a classical memory leak in the ioctl handler. The buffer is simply
never freed. This fixes it the obvious way.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-06-25 23:38:05 -07:00
Eberhard Fahle
147c5a1733 USB: iowarrior.c: timeouts too small in usb_control_msg calls
The driver uses usb_control_msg() for exchanging data with the device.
When the driver lived freeley _outside_ the kernel tree (pre 2.6.21) the
timeouts for these calls where set to 5*HZ for reading, 1HZ for writing.
(These timeouts seemed to work fine for all users of the driver, at
least nobody complained in the last 2 years.

The current code (2.6.21-rc5) removed the 'HZ' from the timeouts and
left the driver with 5 jiffies for reading and 1 jiffy for writing. My
new machine is fast, but not that fast.

The patch also removes a useless debug statement, which was left over
from testing a broken firmware version

From: Eberhard Fahle <e.fahle@wayoda.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-04-27 13:28:43 -07:00
Oliver Neukum
f81ee4d528 USB: iowarrior.c: fix NULL dereference
Am Montag, 19. 2007 10:25 schrieb Adrian Bunk:
> The Coverity checker spotted the following NULL dereference:

And this fixes an oops upon allocation failures.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-04-27 13:28:36 -07:00
Greg Kroah-Hartman
946b960d13 USB: add driver for iowarrior devices.
The ioctl is commented out for now, until we verify some userspace
application issues.

Cc: Christian Lucht <lucht@codemercs.com>
Cc: Robert Marquardt <marquardt@codemercs.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-02-23 15:03:45 -08:00