> From: "Tim Jansen" <[EMAIL PROTECTED]>
> Sent: Wednesday, April 11, 2001 2:04 PM
> Subject: Re: [linux-usb-devel] Hotplugging and locks?
>
> On Wednesday 11 April 2001 20:04, you wrote:
> > > When the device is disconnected in usb_disconnect() the usb_device struct
> > > is freed, but no one prevents code that already has a pointer to it to
> > > access it.
> > Drivers storing the usb_device pointer are required to do that
> > safely.
>
> But how can this work without locks?

Drivers have to create and use locks, to do that safely.

> Let's assume that on CPU 1 a process calls ioctl on a device node and the
> driver uses the usb_device pointer in the fops function to respond.

Or more typically, the CPU1 process uses read or write ... not
all drivers implement ioctl, otherwise it's a fine example.

> While this function is running the user unplugs the device and CPU 2 runs
> usb_disconnect() that frees the usb_device that is used on CPU 1. In this
> situation CPU 1 would use an illegal pointer after usb_disconnect() has run,

Similar race if CPU1 just enters the fops function, CPU2 disconnects;
then CPU1 never even sees a valid pointer.

> or is there any code that makes usb_disconnect (or its callers) wait for the
> ioctl function to finish?

Such code should be in the driver. For example, "dc2xx.c" does it,
using a semaphore to block for access to the device pointer even on
the disconnect path.

But "printer.c" does not, and oopses have been reported on that
disconnect code path. (Oopsing is only the most extreme failure mode;
it's not guaranteed, so some folk won't see oopses when they unplug
printers mid-page.)

- Dave
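
The locking pattern described in the message above, as an added example that is not part of the original post and is not code from dc2xx.c. It is a userspace model: a pthread mutex stands in for the driver's kernel semaphore, and `drv_state`, `unlock_put` and the `drv_*` functions are hypothetical names.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

struct usb_device { int devnum; };   /* stand-in for the USB core's struct */
struct drv_state {                   /* hypothetical per-device driver state */
    pthread_mutex_t lock;            /* plays the role of the driver's semaphore */
    struct usb_device *dev;          /* NULL once disconnect has run */
    int open_count;
};

/* Unlock; free the state once the device is gone AND no file is open (1 = freed). */
int unlock_put(struct drv_state *s) {
    int last = (s->dev == NULL && s->open_count == 0);
    pthread_mutex_unlock(&s->lock);
    if (last) { pthread_mutex_destroy(&s->lock); free(s); }
    return last;
}

struct drv_state *drv_probe(struct usb_device *udev) {
    struct drv_state *s = calloc(1, sizeof *s);
    if (s) { pthread_mutex_init(&s->lock, NULL); s->dev = udev; }
    return s;
}

int drv_open(struct drv_state *s) {
    pthread_mutex_lock(&s->lock);
    int ret = s->dev ? 0 : -ENODEV;
    if (ret == 0) s->open_count++;
    pthread_mutex_unlock(&s->lock);
    return ret;
}

int drv_read(struct drv_state *s) {
    pthread_mutex_lock(&s->lock);
    int ret = s->dev ? s->dev->devnum : -ENODEV;  /* dev used only under lock */
    pthread_mutex_unlock(&s->lock);
    return ret;
}

int drv_release(struct drv_state *s) {
    pthread_mutex_lock(&s->lock);
    s->open_count--;
    return unlock_put(s);
}

int drv_disconnect(struct drv_state *s) {
    pthread_mutex_lock(&s->lock);    /* waits for any fops call still using dev */
    s->dev = NULL;                   /* the core may free the usb_device after this */
    return unlock_put(s);
}
```

The driver state, not the usb_device, holds the lock, so it has to outlive the unplug for as long as a file is open; whichever of release or disconnect runs last frees it.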