On Wednesday 11 April 2001 20:04, you wrote:
> > When the device is disconnected in usb_disconnect() the usb_device struct
> > is freed, but no one prevents code that already has a pointer to it to
> > access it.
> Drivers storing the usb_device pointer are required to do that
> safely.
But how can this work without locks?
Lets assume that on CPU 1 a process calls ioctl on a device node and the
driver uses the usb_device pointer in the fops function to respond.
While this function is running the user unplugs the device and CPU 2 runs
usb_disconnect() that frees the usb_device that is used on CPU 1. In this
situation CPU 1 would use an illegal pointer after usb_disconnect() has run,
or is there any code that makes usb_disconnect (or its callers) wait for the
ioctl function to finish?
bye...
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
http://lists.sourceforge.net/lists/listinfo/linux-usb-devel