[linux-usb-devel] [PATCH 7/9] USB: ub oops in block_uevent

Tue, 09 May 2006 13:09:09 -0700 

From: Pete Zaitcev <[EMAIL PROTECTED]>

In kernel 2.6.16, if a mounted storage device is removed, an oops happens
because ub supplies an interface device (and kobject) to the block layer,
but neglects to pin it. And apparently, the block layer expects its users
to pin device structures.

The code in ub was broken this way for years. But the bug was exposed only
by 2.6.16 when it started to call block_uevent on close, which traverses
device structures (kobjects actually).

Signed-off-by: Pete Zaitcev <[EMAIL PROTECTED]>
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>

---

 drivers/block/ub.c |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

77ef6c4d6e23653a79eedacdd6d1d0da7083e59c
diff --git a/drivers/block/ub.c b/drivers/block/ub.c
index f73446f..c688c25 100644
--- a/drivers/block/ub.c
+++ b/drivers/block/ub.c
@@ -536,6 +536,9 @@ static void ub_cleanup(struct ub_dev *sc
                kfree(lun);
        }
 
+       usb_set_intfdata(sc->intf, NULL);
+       usb_put_intf(sc->intf);
+       usb_put_dev(sc->dev);
        kfree(sc);
 }
 
@@ -2221,7 +2224,12 @@ static int ub_probe(struct usb_interface
        // sc->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
        usb_set_intfdata(intf, sc);
        usb_get_dev(sc->dev);
-       // usb_get_intf(sc->intf);      /* Do we need this? */
+       /*
+        * Since we give the interface struct to the block level through
+        * disk->driverfs_dev, we have to pin it. Otherwise, block_uevent
+        * oopses on close after a disconnect (kernels 2.6.16 and up).
+        */
+       usb_get_intf(sc->intf);
 
        snprintf(sc->name, 12, DRV_NAME "(%d.%d)",
            sc->dev->bus->busnum, sc->dev->devnum);
@@ -2286,7 +2294,7 @@ #endif
 
 err_dev_desc:
        usb_set_intfdata(intf, NULL);
-       // usb_put_intf(sc->intf);
+       usb_put_intf(sc->intf);
        usb_put_dev(sc->dev);
        kfree(sc);
 err_core:
@@ -2461,12 +2469,6 @@ static void ub_disconnect(struct usb_int
         * and no URBs left in transit.
         */
 
-       usb_set_intfdata(intf, NULL);
-       // usb_put_intf(sc->intf);
-       sc->intf = NULL;
-       usb_put_dev(sc->dev);
-       sc->dev = NULL;
-
        ub_put(sc);
 }
 
-- 
1.3.2



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel

Reply via email to