On 6/30/05, Greg KH <[email protected]> wrote:
> On Thu, Jun 30, 2005 at 09:26:43AM +0200, [email protected] wrote:
>
> > > Again, any specific place in the kernel that you see not doing this?
> > I believe some drivers expected that sysfs read/write callback are always
> > called when the device is plugged so they don't check if
> > to_usb_interface/usb_get_intfdata return valid pointer.
>
> Then they should be fixed. Any specific examples?
>
A lot of USB drivers implement sysfs attributes and then to something like this:
static ssize_t show_tabletProductId(struct device *dev, char *buf)
{
struct aiptek *aiptek = dev_get_drvdata(dev);
if (aiptek == NULL)
return 0;
return snprintf(buf, PAGE_SIZE, "0x%04x\n",
aiptek->inputdev->id.product);
}
aiptek structure is freed in aiptek_disconnect. It is possible that
CPU1 just passed that aiptek==NULL check and the task gets
rescheduled. Second CPU will do disconnect and kfree(aiptek).
You really need a semaphore in USB driver core to make sure that
device is not taken from you and that the driver that is bound to the
device is still the same.
--
Dmitry
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
