Re: [linux-usb-devel] [PATCH 8/9] USB usbfs: missing lock in proc_getdriver
From: Duncan Sands
Date: Wed Apr 14 2004 - 06:40:03 EST
On Wednesday 14 April 2004 13:04, Oliver Neukum wrote:
> > + down_read(&usb_bus_type.subsys.rwsem);
> > + if (interface && interface->dev.driver) {
> > + strncpy(gd.driver, interface->dev.driver->name, sizeof(gd.driver));
> > + ret = copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0;
> > + }
> > + up_read(&usb_bus_type.subsys.rwsem);
> > + return ret;
>
> IMHO you should drop the lock before you copy to userspace.
Hi Oliver, I wasn't particularly worried about it since it's a rwsem taken for
reading and writing is a rare event. Do you think it really matters? If so,
how about this instead (compiles but otherwise untested):
@@ -702,13 +708,15 @@
return -EFAULT;
if ((ret = findintfif(ps->dev, gd.interface)) < 0)
return ret;
+ down_read(&usb_bus_type.subsys.rwsem);
interface = ps->dev->actconfig->interface[ret];
- if (!interface->dev.driver)
+ if (!interface || !interface->dev.driver) {
+ up_read(&usb_bus_type.subsys.rwsem);
return -ENODATA;
+ }
strncpy(gd.driver, interface->dev.driver->name, sizeof(gd.driver));
- if (copy_to_user(arg, &gd, sizeof(gd)))
- return -EFAULT;
- return 0;
+ up_read(&usb_bus_type.subsys.rwsem);
+ return copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0;
}
static int proc_connectinfo(struct dev_state *ps, void __user *arg)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/