Hi,
the following points:
1. Checking for an active waitqueue before waking is either
unnecessary or a race condition
2. usb_set_interface() in the release code path may fail, but
you must not abort in that case or there is a memleak
3. don't use interruptible_sleep_on() or friends
4. you must not pass a buffer on the stack to usb_bulk_msg()
and friends
Regards
Oliver
You can import this changeset into BK by piping this whole message to:
'| bk receive [path to repository]' or apply the patch as usual.
===================================================================
[EMAIL PROTECTED], 2003-08-09 14:19:14+02:00, [EMAIL PROTECTED]
- no DMA on stack
- cleanup of waiting
- fix memleak in race with physical disconnect
cpia_usb.c | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff -Nru a/drivers/media/video/cpia_usb.c b/drivers/media/video/cpia_usb.c
--- a/drivers/media/video/cpia_usb.c Sat Aug 9 14:19:51 2003
+++ b/drivers/media/video/cpia_usb.c Sat Aug 9 14:19:51 2003
@@ -161,8 +161,7 @@
ucpia->workbuff->status = FRAME_EMPTY;
ucpia->workbuff->length = 0;
- if (waitqueue_active(&ucpia->wq_stream))
- wake_up_interruptible(&ucpia->wq_stream);
+ wake_up_interruptible(&ucpia->wq_stream);
}
}
}
@@ -348,7 +347,10 @@
databytes = (((int)command[7])<<8) | command[6];
if (command[0] == DATA_IN) {
- u8 buffer[8];
+ u8 *buffer;
+ buffer = kmalloc(8, GFP_KERNEL);
+ if (!buffer)
+ return -ENOMEM;
if (!data) {
DBG("Internal driver error: data is NULL\n");
@@ -356,10 +358,13 @@
}
err = ReadPacket(udev, command, buffer, 8);
- if (err < 0)
+ if (err < 0) {
+ kfree(buffer);
return err;
+ }
memcpy(data, buffer, databytes);
+ kfree(buffer);
} else if(command[0] == DATA_OUT)
WritePacket(udev, command, data, databytes);
else {
@@ -390,15 +395,22 @@
{
struct usb_cpia *ucpia = (struct usb_cpia *) privdata;
struct framebuf *mybuff;
+ DEFINE_WAIT(wait);
if (!ucpia || !ucpia->present)
return -1;
-
+
+ prepare_to_wait(&ucpia->wq_stream, &wait, TASK_INTERRUPTIBLE);
if (ucpia->curbuff->status != FRAME_READY)
- interruptible_sleep_on(&ucpia->wq_stream);
+ schedule();
else
DBG("Frame already waiting!\n");
+ finish_wait(&ucpia->wq_stream, &wait);
+ if (signal_pending(current))
+ return -EINTR;
+
+
mybuff = ucpia->curbuff;
if (!mybuff)
@@ -434,7 +446,6 @@
ret = usb_set_interface(ucpia->dev, ucpia->iface, 0);
if (ret < 0) {
printk(KERN_ERR "usb_set_interface error (ret = %d)\n", ret);
- return;
}
}
@@ -616,8 +627,7 @@
ucpia->curbuff->status = FRAME_ERROR;
- if (waitqueue_active(&ucpia->wq_stream))
- wake_up_interruptible(&ucpia->wq_stream);
+ wake_up_interruptible(&ucpia->wq_stream);
udev = interface_to_usbdev(intf);
usb_driver_release_interface(&cpia_driver,
===================================================================
This BitKeeper patch contains the following changesets:
1.2214
## Wrapped with gzip_uu ##
begin 664 bkpatch28640
M'XL(`.?F-#\``ZU5;8_:1A#^S/Z*J2*ET/"RZS=LKD1W"21%]Q)$./[EMAIL PROTECTED]
M6/B%KM>A*.2_=]:^7IK>Z7IM8R%YF)UG9^;99]8OX+9$-6H5:?()%7L!OQ2E
M'K7(SJH8\WZ.U:[*^H7:T-JB*&AML"TR'#2`P5([EMAIL PROTECTED]:`JV4
MHY;HV_<>[EMAIL PROTECTED],[EMAIL PROTECTED]';+4[CRM,^SM5R*W)=KI?
M/EF<"R$LE]NN)]R3Y=NV<Q(>7\5DQM8P6*^\@&T4;LX;>%1DW\)M[G/7LJPA
M'YX<[EMAIL PROTECTED]@]X`,(9B6`DG%?<&G$.37OGC_``KP3T.'L#_[_F
MMRR"'N0%3*XOH,BAU#+:U;XH19E7>RC6<)")3O)-[5XGOT.&&2WN(,E!R0CA
[EMAIL PROTECTED]',HED"G%21D6>8Z39)3B^)5PV_THUZ_W+AS$N.7O]2*^Q,@[EMAIL PROTECTED]
M1`X^)[EMAIL PROTECTED])"$T(^^$N#PP/).CNWXWBE8^=**43JNC./[EMAIL PROTECTED],-
MA"4"(4ZV[?E!+:NG<8]K[7OT\G<!/J]^1PP=S^4GR[9<OU:ES1]H4CQ'DP'T
[EMAIL PROTECTED]/<84@"C+88[4I(=([EMAIL PROTECTED]/<AC"56)Y((J)ZW%),\BEVEZK(%D%)'4
M"*MJO48%JR/LLMK9A15&[EMAIL PROTECTED]:5:7.?]3D,L+76_R+^)-<HU+57B>K%,,R1=R'
M%&[EMAIL PROTECTED]&]L)D$F::[EMAIL PROTECTED]&I:HPQJV-B-!HQ&E!27:2YJ-&D=YDDU>*(QI+AJU
M?(">.M0_TOG\'X3S'R9G(CP'[EMAIL PROTECTED]"M>BY(S7\IL'VR\JDZ;T^_!:66J',
M.F=L8KN"0#/S<@A;[EMAIL PROTECTED];NC=OPGLVV_"^_?S</+Z>)F>M4Q(<D:VC\T
M<1V36Z&N5`Z]Z<V'[EMAIL PROTECTED]/-<'/P#OPV2!V:[K:VW=;G%&DQ^LV
MOAC3JLT'(4'MGTS?S6ZFX:\7LV7;W%YU/X%7IZ.72<=:>X5[J3#416AB'K+0
MA9=FH0O+BX^7X>QF.5TL;N?+V9NK:><,P&SI-UOZ=3$E236NB$]3B4/C0KRM
MDSPIMT\G,'29[DO2ATS#/9*B\TT[JI3"7'<,>_?D414+"C?[F^-IL8EC#\F8
B>,+0./.LFJ/GG_/]][&9LRH;QR*F2X8/V1]=0J#LF@<`````
`
end
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
