Message-ID: <4BBED506.40907@ladisch.de>
Date:	Fri, 09 Apr 2010 09:19:34 +0200
From:	Clemens Ladisch <clemens@...isch.de>
To:	Tvrtko Ursulin <tvrtko@...ulin.net>
CC:	Takashi Iwai <tiwai@...e.de>, alsa-devel@...ts.sourceforge.net,
	linux-kernel@...r.kernel.org
Subject: Re: Ooops when working with USB MIDI (2.6.33.1)

Tvrtko Ursulin wrote:
> On Thursday 08 Apr 2010 13:22:36 Takashi Iwai wrote:
> > > Takashi, do you remember what the original problem was?
> > 
> > Well, I have only a vague memory -- it's a similar scenario that some app
> > still accessing after disconnection.  The URB can't be handled after
> > the disconnection is finished.
> > 
> > I think the patch below might fix in this case.  You can try it
> > instead of reverting the commit above.
> > 
> > --- a/sound/usb/usbmidi.c
> > +++ b/sound/usb/usbmidi.c
> > @@ -986,6 +986,8 @@ static void snd_usbmidi_output_drain(struct
> >  snd_rawmidi_substream *substream) DEFINE_WAIT(wait);
> >  	long timeout = msecs_to_jiffies(50);
> > 
> > +	if (ep->umidi->disconnected)
> > +		return;
> > ...
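Review bot: The new ep->umidi->disconnected test at the top of snd_usbmidi_output_drain() only helps if ep is still allocated when it runs. The reply in this thread points out that this ep is the object snd_usbmidi_disconnect() reaches as ep->out and frees, so after a completed disconnect the check itself reads freed memory. The flag is also read once, with no lock visible in the hunk, so a disconnect that lands just after the test is not covered by it. Suggest keeping the endpoint structure allocated until user space can no longer call in, and testing the flag again after any sleep on the wait entry declared above.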
> > @@ -1275,6 +1277,11 @@ void snd_usbmidi_disconnect(struct list_head* p)
> >  			snd_usbmidi_in_endpoint_delete(ep->in);
> >  			ep->in = NULL;
> >  		}
> > +		ep->active_urbs = 0;
> > +		if (ep->drain_urbs) {
> > +			ep->drain_urbs = 0;
> > +			wake_up(&ep->drain_wait);
> > +		}
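Review bot: The added lines reach active_urbs, drain_urbs and drain_wait directly through ep, while the context lines just above use the same ep for ep->in, so in this function ep is the containing pair and not the output endpoint; as the follow-up question raises, the 2.6.33 layout would need ep->out-> here. If the output endpoint has already been deleted at this point, the way ep->in is in the context lines, these writes and the wake_up() touch a freed structure. Suggest clearing the counters and waking the waiters before the delete, or deferring the free until the structure is no longer reachable from user space.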
> 
> For the second hunk, do you think ep->out->... and so on? That would be more 
> in-line with code present in 2.6.33.

ep->out has been just freed.  And in the first hunk, in _drain, the ep
pointer is the same as ep->out in _disconnect.

In _disconnect, we must not free ep->in and ep->out because those
structures might still be accessed by all the functions called from
user space.

I'll write separate disconnect functions for the endpoint structures
when I find time.


Regards,
Clemens
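
The lifetime rule described in the reply above, as an added example that is not part of the original message and is not ALSA code: a single-threaded userspace model in which disconnect only marks the endpoint and drops the device's reference, and the structure is freed when the last open handle goes away. The names out_ep, ep_create, ep_open, ep_put, ep_drain, ep_disconnect and freed_count are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical userspace model, not the ALSA structures. */
struct out_ep {
    int  refs;          /* one for the device, one per open substream */
    bool disconnected;  /* set by disconnect, checked by every entry point */
    int  drain_urbs;    /* URBs a drain is still waiting for */
};

static int freed_count; /* instrumentation for this example only */

static struct out_ep *ep_create(void)
{
    struct out_ep *ep = calloc(1, sizeof(*ep));
    if (ep)
        ep->refs = 1;   /* reference held by the device */
    return ep;
}

/* Drop one reference; the structure is freed only when nobody holds it. */
static void ep_put(struct out_ep *ep)
{
    if (--ep->refs == 0) {
        free(ep);
        freed_count++;
    }
}

static struct out_ep *ep_open(struct out_ep *ep) { ep->refs++; return ep; }

/* Entry point reachable from user space: returns -1 after unplug. */
static int ep_drain(struct out_ep *ep)
{
    if (ep->disconnected)
        return -1;      /* safe: the open handle keeps ep allocated */
    ep->drain_urbs = 0; /* stand-in for waiting until the URBs complete */
    return 0;
}

/* Unplug: stop I/O and release waiters, but drop only the device's ref. */
static void ep_disconnect(struct out_ep *ep)
{
    ep->disconnected = true;
    ep->drain_urbs = 0; /* a real driver would wake_up() sleepers here */
    ep_put(ep);
}
```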