From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
To: Marcus Nutzinger <marcus.nutzinger@theobroma-systems.com>,
Felipe Balbi <balbi@ti.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] usb: gadget: gadgetfs: correct dev state
Date: Thu, 05 Jun 2014 18:18:11 +0400 [thread overview]
Message-ID: <53907C23.5060404@cogentembedded.com> (raw)
In-Reply-To: <1401973680-18413-1-git-send-email-marcus.nutzinger@theobroma-systems.com>
Hello.
On 06/05/2014 05:08 PM, Marcus Nutzinger wrote:
> Commit 1826e9b1 fixes the use after free of "dev".
Please also specify that commit's summary line in parens.
> However if this is not the final call to dev_release()
> and the state is not reset to STATE_DEV_DISABLED and
> hence all further open() calls to the gadgetfs ep0
> device will fail with EBUSY.
> So this commit reverts 1826e9b1 and places the call
> put_dev() after setting the state.
> Signed-off-by: Marcus Nutzinger <marcus.nutzinger@theobroma-systems.com>
> Reviewed-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
> ---
> drivers/usb/gadget/inode.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
> diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c
> index a925d0c..6330528 100644
> --- a/drivers/usb/gadget/inode.c
> +++ b/drivers/usb/gadget/inode.c
> @@ -1264,8 +1264,13 @@ dev_release (struct inode *inode, struct file *fd)
>
> kfree (dev->buf);
> dev->buf = NULL;
> - put_dev (dev);
>
> + /* other endpoints were all decoupled from this device */
> + spin_lock_irq(&dev->lock);
> + dev->state = STATE_DEV_DISABLED;
> + spin_unlock_irq(&dev->lock);
Not sure I understand why you need spinlock here... isn't the assignment
atomic already?
> +
> + put_dev (dev);
> return 0;
> }
WBR, Sergei
next prev parent reply other threads:[~2014-06-05 14:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-05 13:08 [PATCH] usb: gadget: gadgetfs: correct dev state Marcus Nutzinger
2014-06-05 14:18 ` Sergei Shtylyov [this message]
2014-06-05 15:15 ` Marcus Nutzinger
2014-06-05 16:04 ` Alan Stern
2014-06-05 15:17 ` [PATCH v2] " Marcus Nutzinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53907C23.5060404@cogentembedded.com \
--to=sergei.shtylyov@cogentembedded.com \
--cc=balbi@ti.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=marcus.nutzinger@theobroma-systems.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.