This is a note to let you know that we have just queued up the patch titled
Subject: USB: fix concurrent buffer access in the hub driver
to the 2.6.20-stable tree. Its filename is
usb-fix-concurrent-buffer-access-in-the-hub-driver.patch
A git repo of this tree can be found at
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>From [EMAIL PROTECTED] Mon Feb 5 06:57:55 2007
From: Alan Stern <[EMAIL PROTECTED]>
Date: Mon, 5 Feb 2007 09:56:15 -0500 (EST)
Subject: USB: fix concurrent buffer access in the hub driver
To: Greg KH <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], USB development list
<linux-usb-devel@lists.sourceforge.net>, Adrian Bunk <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
This patch (as849) fixes a bug in the USB hub driver. A single
pre-allocated buffer is used for all port status reads, but nothing
guarantees exclusive use of the buffer. A mutex is added to provide
this guarantee.
Signed-off-by: Alan Stern <[EMAIL PROTECTED]>
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>
--- usb-2.6.orig/drivers/usb/core/hub.c
+++ usb-2.6/drivers/usb/core/hub.c
@@ -44,6 +44,7 @@ struct usb_hub {
struct usb_hub_status hub;
struct usb_port_status port;
} *status; /* buffer for status reports */
+ struct mutex status_mutex; /* for the status buffer */
int error; /* last reported error */
int nerrors; /* track consecutive errors */
@@ -535,6 +536,7 @@ static int hub_hub_status(struct usb_hub
{
int ret;
+ mutex_lock(&hub->status_mutex);
ret = get_hub_status(hub->hdev, &hub->status->hub);
if (ret < 0)
dev_err (hub->intfdev,
@@ -544,6 +546,7 @@ static int hub_hub_status(struct usb_hub
*change = le16_to_cpu(hub->status->hub.wHubChange);
ret = 0;
}
+ mutex_unlock(&hub->status_mutex);
return ret;
}
@@ -617,6 +620,7 @@ static int hub_configure(struct usb_hub
ret = -ENOMEM;
goto fail;
}
+ mutex_init(&hub->status_mutex);
hub->descriptor = kmalloc(sizeof(*hub->descriptor), GFP_KERNEL);
if (!hub->descriptor) {
@@ -1394,6 +1398,7 @@ static int hub_port_status(struct usb_hu
{
int ret;
+ mutex_lock(&hub->status_mutex);
ret = get_port_status(hub->hdev, port1, &hub->status->port);
if (ret < 4) {
dev_err (hub->intfdev,
@@ -1405,6 +1410,7 @@ static int hub_port_status(struct usb_hu
*change = le16_to_cpu(hub->status->port.wPortChange);
ret = 0;
}
+ mutex_unlock(&hub->status_mutex);
return ret;
}
_______________________________________________
stable mailing list
[EMAIL PROTECTED]
http://linux.kernel.org/mailman/listinfo/stable
Patches currently in stable-queue which might be from [EMAIL PROTECTED] are
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
