forked from luck/tmp_suning_uos_patched
c2d284ee04
USB drivers that create character devices call usb_register_dev in their probe function. This associates the usb_interface device with that minor number and creates the character device and announces it to the world. However, the driver's probe function is called before the new usb_interface is added to the driver's klist_devices. This is a problem because userspace will respond to the character device creation announcement by opening the character device. The driver's open function will the call usb_find_interface to find the usb_interface associated with that minor number. usb_find_interface will walk the driver's list of devices and find the usb_interface with the matching minor number. Because the announcement happens before the usb_interface is added to the driver's klist_devices, a race condition exists. A straightforward fix is to walk the list of devices on usb_bus_type instead since the device is added to that list before the announcement occurs. bus_find_device calls get_device to bump the reference count on the found device. It is arguable that the reference count should be dropped by the caller of usb_find_interface instead of usb_find_interface, however, the current users of usb_find_interface do not expect this. The original version of this patch only matched against minor number instead of driver and minor number. This version matches against both. Signed-off-by: Russ Dill <Russ.Dill@gmail.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
||
|---|---|---|
| .. | ||
| buffer.c | ||
| config.c | ||
| devices.c | ||
| devio.c | ||
| driver.c | ||
| endpoint.c | ||
| file.c | ||
| generic.c | ||
| hcd-pci.c | ||
| hcd.c | ||
| hcd.h | ||
| hub.c | ||
| hub.h | ||
| inode.c | ||
| Kconfig | ||
| Makefile | ||
| message.c | ||
| notify.c | ||
| otg_whitelist.h | ||
| quirks.c | ||
| sysfs.c | ||
| urb.c | ||
| usb.c | ||
| usb.h | ||