On Mon, May 30, 2005 at 09:44:44PM +0200, Harald Welte wrote:
> I think there is currently no protection/locking/refcounting going on.
>
> If a process issues an URB from userspace and starts to terminate before
> the URB comes back, we run into the issue described above. This is
> because the urb saves a pointer to "current" when it is posted to the
> device, but there's no guarantee that this pointer is still valid
> afterwards.
>
> I'm not familiar with the scheduler code to decide what fix
> is the way to go. Is it sufficient to do {get,put}_task_struct() from
> the usb code?
mh. it appears like it's sighand which disappears, not the task itself.
I've tried the following patch:
Index: linux-2.6.12-rc5/kernel/signal.c
===================================================================
--- linux-2.6.12-rc5.orig/kernel/signal.c 2005-05-30 18:23:55.000000000 +0200
+++ linux-2.6.12-rc5/kernel/signal.c 2005-05-30 23:20:49.000000000 +0200
@@ -1258,6 +1258,15 @@
if (!valid_signal(sig))
return -EINVAL;
+ if (!p) {
+ printk("%s p == NULL\n");
+ return -EINVAL;
+ }
+ if (!p->sighand) {
+ printk("%s:%u p->sighand == NULL\n", __FUNCTION__, p->pid);
+ return -EINVAL;
+ }
+
/*
* We need the tasklist lock even for the specific
* thread case (when we don't need to follow the group
and it prints "p->sighand == NULL" every time I exit a program while
using the usbdevio based driver.
consequently, the following patch 'fixed' the problem. Please do not
consider this as a real fix, since there's certainly still a race
condition left. Please use it as a hint to correctly fix the problem.
Index: linux-2.6.12-rc5/drivers/usb/core/devio.c
===================================================================
--- linux-2.6.12-rc5.orig/drivers/usb/core/devio.c 2005-05-26 15:49:57.000000000 +0200
+++ linux-2.6.12-rc5/drivers/usb/core/devio.c 2005-05-30 23:21:06.000000000 +0200
@@ -283,7 +283,8 @@
sinfo.si_errno = as->urb->status;
sinfo.si_code = SI_ASYNCIO;
sinfo.si_addr = as->userurb;
- send_sig_info(as->signr, &sinfo, as->task);
+ if (as->task && as->task->sighand)
+ send_sig_info(as->signr, &sinfo, as->task);
}
wake_up(&ps->wait);
}
Thanks,
--
- Harald Welte <[email protected]> http://gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Attachment:
pgpHBlj7zWWer.pgp
Description: PGP signature
- Follow-Ups:
- Re: [BUG] oops while completing async USB via usbdevio
- From: Oliver Neukum <[email protected]>
- Re: [linux-usb-devel] Re: [BUG] oops while completing async USB via usbdevio
- From: David Brownell <[email protected]>
- Re: [BUG] oops while completing async USB via usbdevio
- References:
- [BUG] oops while completing async USB via usbdevio
- From: Harald Welte <[email protected]>
- [BUG] oops while completing async USB via usbdevio
- Prev by Date: Re: Bug in 2.6.11.11 - udp_poll(), fragments + CONFIG_HIGHMEM
- Next by Date: Re: [RFT][PATCH] aic79xx: remove busyq
- Previous by thread: [BUG] oops while completing async USB via usbdevio
- Next by thread: Re: [linux-usb-devel] Re: [BUG] oops while completing async USB via usbdevio
- Index(es):
 |