android_kernel_xiaomi_sm8350/drivers
Oliver Neukum 69626f23bc HID: fix race between open() and disconnect() in usbhid
There is a window:

task A					task B
spin_lock_irq(&usbhid->inlock);	/* Sync with error handler */
usb_set_intfdata(intf, NULL);
spin_unlock_irq(&usbhid->inlock);
usb_kill_urb(usbhid->urbin);
usb_kill_urb(usbhid->urbout);
usb_kill_urb(usbhid->urbctrl);

del_timer_sync(&usbhid->io_retry);
cancel_work_sync(&usbhid->reset_work);

						if (!hid->open++) {
							res = usb_autopm_get_interface(usbhid->intf);
							if (res < 0) {
								hid->open--;
								return -EIO;
							}
						}
						if (hid_start_in(hid))

if (hid->claimed & HID_CLAIMED_INPUT)
	hidinput_disconnect(hid);

in which an open() to an already disconnected device will submit an URB
to an undead device. In case disconnect() was called by an ioctl, this'll
oops. Fix by introducing a new flag and checking it in hid_start_in().

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2008-04-22 11:34:58 +02:00
..
acorn/char
acpi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/juhl/trivial 2008-04-21 16:36:46 -07:00
amba
ata Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6 2008-04-21 15:49:58 -07:00
atm drivers/atm: use time_before, time_before_eq, etc 2008-04-19 18:14:50 -07:00
auxdisplay
base Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6 2008-04-21 15:49:58 -07:00
block Merge branch 'for-2.6.26' of git://git.kernel.dk/linux-2.6-block 2008-04-21 16:03:40 -07:00
bluetooth hci_usb: remove code obfuscation 2008-04-19 18:17:26 -07:00
cdrom cdrom: use kmalloced buffers instead of buffers on stack 2008-04-21 09:50:08 +02:00
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/juhl/trivial 2008-04-21 16:36:46 -07:00
clocksource
connector
cpufreq
cpuidle
crypto [CRYPTO] padlock-aes: Use generic setkey function 2008-04-21 10:19:34 +08:00
dca
dio
dma DMA engine: typo fixes 2008-04-21 22:38:45 +00:00
edac
eisa
firewire Convert asm/semaphore.h users to linux/semaphore.h 2008-04-18 22:22:54 -04:00
firmware Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6 2008-04-21 15:49:58 -07:00
gpio
hid HID: fix race between open() and disconnect() in usbhid 2008-04-22 11:34:58 +02:00
hwmon
i2c Merge branch 'semaphore' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-04-21 15:41:27 -07:00
ide cdrom: make unregister_cdrom() return void 2008-04-21 09:50:08 +02:00
ieee1394 Convert asm/semaphore.h users to linux/semaphore.h 2008-04-18 22:22:54 -04:00
infiniband IB/ipath: Correct capitalization "IntX" -> "INTx" 2008-04-21 18:19:15 -07:00
input Merge branch 'semaphore' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-04-21 15:41:27 -07:00
isdn Merge branch 'irq-cleanups-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6 2008-04-21 15:56:19 -07:00
leds Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6 2008-04-21 15:49:58 -07:00
lguest drivers: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:16:32 -04:00
macintosh Convert asm/semaphore.h users to linux/semaphore.h 2008-04-18 22:22:54 -04:00
mca
md RAID: remove trailing space from printk line 2008-04-21 22:42:58 +00:00
media Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/juhl/trivial 2008-04-21 16:36:46 -07:00
memstick memstick: convert struct class_device to struct device 2008-04-19 19:10:29 -07:00
message SCSI: convert struct class_device to struct device 2008-04-19 19:10:33 -07:00
mfd Merge branch 'semaphore' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-04-21 15:41:27 -07:00
misc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/juhl/trivial 2008-04-21 16:36:46 -07:00
mmc
mtd Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-04-21 15:50:49 -07:00
net Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-04-21 15:50:49 -07:00
nubus
of [POWERPC] i2c: Fix build breakage introduced by OF helpers 2008-04-20 13:03:35 +10:00
oprofile
parisc PCI: remove parisc consumer of the pci global_list 2008-04-20 21:47:01 -07:00
parport avr32: don't offer PARPORT_PC 2008-04-19 20:40:10 -04:00
pci Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/pci-2.6 2008-04-21 15:58:35 -07:00
pcmcia Merge branch 'merge-fixes' into devel 2008-04-19 17:17:34 +01:00
pnp
power
ps3
rapidio
rtc
s390 Convert asm/semaphore.h users to linux/semaphore.h 2008-04-18 22:22:54 -04:00
sbus
scsi Merge branch 'for-2.6.26' of git://git.kernel.dk/linux-2.6-block 2008-04-21 16:03:40 -07:00
serial Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-04-21 15:50:49 -07:00
sh
sn
spi
ssb
tc
telephony
thermal
uio UIO: hold a reference to the device's owner while the device is open 2008-04-19 19:10:18 -07:00
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hskinnemoen/avr32-2.6 2008-04-21 15:44:57 -07:00
video Merge branch 'merge-fixes' into devel 2008-04-19 17:17:34 +01:00
virtio
w1
watchdog Convert asm/semaphore.h users to linux/semaphore.h 2008-04-18 22:22:54 -04:00
xen
zorro
Kconfig
Makefile