From: Vojtech Pavlik <vojtech@suse.cz>
To: torvalds@osdl.org, vojtech@suse.cz, linux-kernel@vger.kernel.org
Subject: [PATCH 44/47] This patch fixes another disconnect oops in hiddev.
Date: Thu, 29 Jul 2004 16:09:56 +0200 [thread overview]
Message-ID: <10911101962613@twilight.ucw.cz> (raw)
In-Reply-To: <10911101962274@twilight.ucw.cz>
You can pull this changeset from:
bk://kernel.bkbits.net/vojtech/input
===================================================================
ChangeSet@1.1757.50.5, 2004-07-05 13:38:52+02:00, akropel1@rochester.rr.com
This patch fixes another disconnect oops in hiddev.
hid-core calls hiddev_disconnect() when the underlying device goes away
(hot unplug or system shutdown). Normally, hiddev_disconnect() will
clean up nicely and return to hid-core who then frees the hid structure.
However, if the corresponding hiddev node is open at disconnect time,
hiddev delays the majority of disconnect work until the device is closed
via hiddev_release(). hiddev_release() calls hiddev_cleanup() which
proceeds to dereference the hid struct which hid-core freed back when
the hardware was disconnected. Oops.
To solve this, we change hiddev_disconnect() to deregister the hiddev
minor and invalidate its table entry immediately and delay only the
freeing of the hiddev structure itself. We're protected against future
operations on the fd since the major fops check hiddev->exists.
There may still be an ordering of events that causes a problem but I can
no longer reproduce any manually. There are enough different subsystems
and object lifetimes interacting here that I may have screwed something
else up; review is certainly welcome.
Signed-off-by: Adam Kropelin <akropel1@rochester.rr.com>
Signed-off-by: Vojtech Pavlik <vojtech@suse.cz>
hiddev.c | 18 ++++++------------
1 files changed, 6 insertions(+), 12 deletions(-)
===================================================================
diff -Nru a/drivers/usb/input/hiddev.c b/drivers/usb/input/hiddev.c
--- a/drivers/usb/input/hiddev.c Thu Jul 29 14:38:38 2004
+++ b/drivers/usb/input/hiddev.c Thu Jul 29 14:38:38 2004
@@ -226,16 +226,6 @@
return retval < 0 ? retval : 0;
}
-/*
- * De-allocate a hiddev structure
- */
-static struct usb_class_driver hiddev_class;
-static void hiddev_cleanup(struct hiddev *hiddev)
-{
- hiddev_table[hiddev->hid->minor - HIDDEV_MINOR_BASE] = NULL;
- usb_deregister_dev(hiddev->hid->intf, &hiddev_class);
- kfree(hiddev);
-}
/*
* release file op
@@ -256,7 +246,7 @@
if (list->hiddev->exist)
hid_close(list->hiddev->hid);
else
- hiddev_cleanup(list->hiddev);
+ kfree(list->hiddev);
}
kfree(list);
@@ -804,17 +794,21 @@
* This is where hid.c calls us to disconnect a hiddev device from the
* corresponding hid device (usually because the usb device has disconnected)
*/
+static struct usb_class_driver hiddev_class;
void hiddev_disconnect(struct hid_device *hid)
{
struct hiddev *hiddev = hid->hiddev;
hiddev->exist = 0;
+ hiddev_table[hiddev->hid->minor - HIDDEV_MINOR_BASE] = NULL;
+ usb_deregister_dev(hiddev->hid->intf, &hiddev_class);
+
if (hiddev->open) {
hid_close(hiddev->hid);
wake_up_interruptible(&hiddev->wait);
} else {
- hiddev_cleanup(hiddev);
+ kfree(hiddev);
}
}
next prev parent reply other threads:[~2004-07-29 14:26 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-29 14:07 [patches] Input updates Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 1/47] Add 64-bit compatible ioctls for hiddev Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 2/47] Fix locking in i8042.c and serio.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 3/47] Fix an oops in poll() on uinput Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 4/47] Ensure exclusive access to variables in atkbd.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 5/47] Return 0 from uinput poll if device isn't yet created Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 6/47] Explicit variable access rules for psmouse.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 7/47] Add reporting of raw scancodes to atkbd.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 8/47] Use raw events generated by atkbd in keyboard.c to implement true rawmode for PS/2 keyboards Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 9/47] Fixes in serio locking Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 10/47] Disable the AUX LoopBack command in i8042.c on Compaq ProLiant Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 11/47] Make atkbd.c's atkbd_command() function immune to keys being pressed while running Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 12/47] More locking improvements (and a fix) for serio Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 13/47] Add a missing dmi_noloop declaration in i8042.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 14/47] logips2pp - do not call get_model_info 2 times Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 15/47] Fix compilation breakage when CONFIG_USB_HIDDEV not defined Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 16/47] Make hardware rawmode optional for AT-keyboards Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 17/47] Fix boundary checks for GUSAGE/SUSAGE in hiddev Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 18/47] Updates to the tsdev driver (raw protocol, calib ioctls, ...) Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 19/47] mousedev - better handle button presses when under load Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 20/47] mousedev - implement tapping for touchpads Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 21/47] Remove OSB4/Profusion hack in i8042 Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 22/47] rearrangements and cleanups in serio.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 23/47] Fix bad struct hidinput initialization in hid-tmff.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 24/47] Remove an extra dmi_noloop declaration in i8042.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 25/47] Enhancements/fixes for PSX pad support Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 26/47] when probing for ImExPS/2 mice, the ImPS/2 sequence needs to be sent first Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 27/47] Fix array overflows in keyboard.c when KEY_MAX > keycode > NR_KEYS > 128 Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 28/47] Add Dell SB Live! PCI ID to the emu10k1-gp driver Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 29/47] Add Audigy LS PCI ID to emu10k1-gp Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 30/47] Add CodeMercs IOWarrior to hid-core device blacklist Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 31/47] Fix Peter Nelson's e-mail address in gamecon.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 32/47] make connect and disconnect methods mandatory for serio Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 33/47] rename serio->driver to serio->port_data Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 34/47] more renames in serio in preparation for sysfs integration Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 35/47] switch to dynamic (heap) serio port allocation Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 36/47] allow serio drivers to create children ports Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 37/47] serio sysfs integration Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 38/47] allow users to manually rebind serio ports Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 39/47] allow marking some drivers as manual bind only Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 40/47] Add serio_raw driver Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 41/47] link (some) serio ports to their parent devices Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 42/47] Fix Kconfig so that the joydump module can be compiled Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 43/47] Move Compaq ProLiant DMI handling to i8042.c Vojtech Pavlik
2004-07-29 14:09 ` Vojtech Pavlik [this message]
2004-07-29 14:09 ` [PATCH 45/47] Re-add PC Speaker support for PPC Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 46/47] Fix a missing index in tmdc.c Vojtech Pavlik
2004-07-29 14:09 ` [PATCH 47/47] Check the range for HIDIOC?USAGES num_values Vojtech Pavlik
2004-07-29 16:59 ` [patches] Input updates Vojtech Pavlik
2004-07-29 16:59 ` [PATCH 1/2] move input/serio closer to the top of drivers/Makefile so serio_bus is available early Vojtech Pavlik
2004-07-29 16:59 ` [PATCH 2/2] rearrange code in sunzilog to prevent deadlock Vojtech Pavlik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10911101962613@twilight.ucw.cz \
--to=vojtech@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox