lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 24 Oct 2007 16:49:12 +0200
From:	Oliver Neukum <oliver@...kum.org>
To:	Pete Zaitcev <zaitcev@...hat.com>
Cc:	linux-usb-devel@...ts.sourceforge.net, greg@...ah.com,
	linux-kernel@...r.kernel.org, vitalivanov@...il.com,
	netwiz@....id.au
Subject: Re: USB: FIx locks and urb->status in adutux

Am Mittwoch 24 Oktober 2007 schrieb Pete Zaitcev:
> Oliver, thanks for the inftdata catch. I also fixed the sleep_on.

But you are leaving a function while still on a waitqueue left on the stack.
Here's a patch on top of yours.

	Regards
		Oliver

----

--- work/drivers/usb/misc/adutux.c.alt	2007-10-24 16:36:02.000000000 +0200
+++ work/drivers/usb/misc/adutux.c	2007-10-24 16:36:06.000000000 +0200
@@ -567,19 +567,21 @@ static ssize_t adu_write(struct file *fi
 
 	retval = mutex_lock_interruptible(&dev->mtx);
 	if (retval)
-		goto exit_nolock;
+		goto exit_nolock_intr;
 
 	/* verify that the device wasn't unplugged */
 	if (dev->udev == NULL) {
+		mutex_unlock(&dev->mtx);
 		retval = -ENODEV;
 		err("No device or device unplugged %d", retval);
-		goto exit;
+		goto exit_nolock_intr;
 	}
 
 	/* verify that we actually have some data to write */
 	if (count == 0) {
+		mutex_unlock(&dev->mtx);
 		dbg(1," %s : write request of 0 bytes", __FUNCTION__);
-		goto exit;
+		goto exit_nolock_intr;
 	}
 
 	add_wait_queue(&dev->write_wait, &waita);
@@ -649,13 +651,14 @@ static ssize_t adu_write(struct file *fi
 			bytes_written += bytes_to_write;
 		}
 	}
-	remove_wait_queue(&dev->write_wait, &waita);
 
 	retval = bytes_written;
 
 exit:
 	mutex_unlock(&dev->mtx);
 exit_nolock:
+	remove_wait_queue(&dev->write_wait, &waita);
+exit_nolock_intr:
 
 	dbg(2," %s : leave, return value %d", __FUNCTION__, retval);
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ