HID: fix race between usb_register_dev() and hiddev_open()
upon further thought this code is still racy. retval = usb_register_dev(usbhid->intf, &hiddev_class); here you open a window during which open can happen if (retval) { err_hid("Not able to get a minor for this device."); hid->hiddev = NULL; kfree(hiddev); return -1; } else { hid->minor = usbhid->intf->minor; hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev; and will fail because hiddev_table hasn't been updated The obvious fix of using a mutex to guard hiddev_table doesn't work because usb_open() and usb_register_dev() take minor_rwsem and we'd have an AB-BA deadlock. We need a lock usb_open() also takes in the right order and that leaves only one option, BKL. I don't like it but I see no alternative. Once the usb_open() implements something better than lock_kernel(), we could also do so. Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This commit is contained in:
parent
6f4303fb2e
commit
e43bd67d72
@ -875,16 +875,21 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
|
||||
hiddev->hid = hid;
|
||||
hiddev->exist = 1;
|
||||
|
||||
/* when lock_kernel() usage is fixed in usb_open(),
|
||||
* we could also fix it here */
|
||||
lock_kernel();
|
||||
retval = usb_register_dev(usbhid->intf, &hiddev_class);
|
||||
if (retval) {
|
||||
err_hid("Not able to get a minor for this device.");
|
||||
hid->hiddev = NULL;
|
||||
unlock_kernel();
|
||||
kfree(hiddev);
|
||||
return -1;
|
||||
} else {
|
||||
hid->minor = usbhid->intf->minor;
|
||||
hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev;
|
||||
}
|
||||
unlock_kernel();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user