[PATCH] handle usb host allocation failures

From: Jesse Barnes
Date: Mon Sep 27 2004 - 17:19:03 EST

Next message: Nigel Cunningham: "Re: mlock(1)"
Previous message: Roland Dreier: "Re: [PATCH][1/2] [RESEND] kobject: add HOTPLUG_ENV_VAR"
Next in thread: Greg KH: "Re: [PATCH] handle usb host allocation failures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It looks like a host (like ohci or whatever) could try to allocate a new
usb_device structure with usb_alloc_dev and get back a valid pointer even if
the allocation of its private data failed. I first saw this in the 2.4
sources, but it looks like 2.6 has the same problem. This patch attempts to
fix it by freeing dev if the ->allocate() routine fails, and then returns
NULL instead of a potentially dangerous dev pointer.

Signed-off-by: Jesse Barnes <jbarnes@xxxxxxx>

Thanks,
Jesse
===== drivers/usb/core/usb.c 1.174 vs edited =====
--- 1.174/drivers/usb/core/usb.c 2004-08-03 07:18:53 -07:00
+++ edited/drivers/usb/core/usb.c 2004-09-27 15:13:25 -07:00
@@ -759,7 +759,10 @@
init_MUTEX(&dev->serialize);

if (dev->bus->op->allocate)
- dev->bus->op->allocate(dev);
+ if (dev->bus->op->allocate(dev)) {
+ kfree(dev);
+ return NULL;
+ }

return dev;
}

Next message: Nigel Cunningham: "Re: mlock(1)"
Previous message: Roland Dreier: "Re: [PATCH][1/2] [RESEND] kobject: add HOTPLUG_ENV_VAR"
Next in thread: Greg KH: "Re: [PATCH] handle usb host allocation failures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]