On Fri, 11 Mar 2005, Nick Sillik wrote:
> I'm resubmitting the patch with the wrap removed and the list in the onetouch
> struct. I also changed usb_unlink_urb usb_kill_urb.
> +int onetouch_release_input(struct us_data *ss)
<...>
> + usb_unlink_urb(onetouch->irq);
Should be usb_kill_urb again.
> + input_unregister_device(&onetouch->dev);
> + usb_free_urb(onetouch->irq);
> + usb_buffer_free(onetouch->udev, ONETOUCH_PKT_LEN,
> + onetouch->data, onetouch->data_dma);
> + kfree(onetouch);
I'm not too familiar with the input layer. Can't this code run while a
user still has the input device file open? If it does, what will happen
when the user later closes the device file and onetouch_close tries to
dereference a pointer to deallocated memory?
In usb.c:usb_stor_release_resources():
> + /* Attempt to connect the onetouch urb to the device */
> + /* Note: If the CONFIG_USB_STORAGE_ONETOUCH is not set */
> + /* onetouch_connect_input(us) will always return 0 */
> + switch (onetouch_connect_input(us)) {
> + case 0:
> + break;
> + default:
> + printk(KERN_WARNING USB_STORAGE
> + "Unable to allocate onetouch urb\n");
> + }
> +
> /* Kill the control thread. The SCSI host must already have been
> * removed so it won't try to queue any more commands.
> */
Looks like you cut & pasted instead of writing the correct code here.
Alan Stern
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
[email protected]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
