mirror of
https://github.com/adulau/aha.git
synced 2025-01-01 13:46:24 +00:00
69626f23bc
There is a window:
task A task B
spin_lock_irq(&usbhid->inlock); /* Sync with error handler */
usb_set_intfdata(intf, NULL);
spin_unlock_irq(&usbhid->inlock);
usb_kill_urb(usbhid->urbin);
usb_kill_urb(usbhid->urbout);
usb_kill_urb(usbhid->urbctrl);
del_timer_sync(&usbhid->io_retry);
cancel_work_sync(&usbhid->reset_work);
if (!hid->open++) {
res = usb_autopm_get_interface(usbhid->intf);
if (res < 0) {
hid->open--;
return -EIO;
}
}
if (hid_start_in(hid))
if (hid->claimed & HID_CLAIMED_INPUT)
hidinput_disconnect(hid);
in which an open() to an already disconnected device will submit an URB
to an undead device. In case disconnect() was called by an ioctl, this'll
oops. Fix by introducing a new flag and checking it in hid_start_in().
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||
|---|---|---|
| .. | ||
| hid-core.c | ||
| hid-ff.c | ||
| hid-lg2ff.c | ||
| hid-lgff.c | ||
| hid-pidff.c | ||
| hid-plff.c | ||
| hid-quirks.c | ||
| hid-tmff.c | ||
| hid-zpff.c | ||
| hiddev.c | ||
| Kconfig | ||
| Makefile | ||
| usbhid.h | ||
| usbkbd.c | ||
| usbmouse.c | ||