ChangeSet 1.1371.759.18, 2004/04/23 16:20:07-07:00, baldrick@free.fr

[PATCH] USB usbfs: missing lock in proc_getdriver

Hi Oliver,

> I expect it to rarely matter, but it might matter now and then. It's
> just a question of hygiene. If you are using a temporary buffer I'd
> like to see it used to full advantage. So either drop the lock or do
> a direct copy. I'd prefer the first option your patch implemented.

I agree.  Greg, please consider applying the updated patch:



Protect against driver binding changes while reading the driver name.


 drivers/usb/core/devio.c |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)


diff -Nru a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
--- a/drivers/usb/core/devio.c	Fri May 14 15:33:25 2004
+++ b/drivers/usb/core/devio.c	Fri May 14 15:33:25 2004
@@ -708,13 +708,15 @@
 		return -EFAULT;
 	if ((ret = findintfif(ps->dev, gd.interface)) < 0)
 		return ret;
+	down_read(&usb_bus_type.subsys.rwsem);
 	interface = ps->dev->actconfig->interface[ret];
-	if (!interface->dev.driver)
+	if (!interface || !interface->dev.driver) {
+		up_read(&usb_bus_type.subsys.rwsem);
 		return -ENODATA;
+	}
 	strncpy(gd.driver, interface->dev.driver->name, sizeof(gd.driver));
-	if (copy_to_user(arg, &gd, sizeof(gd)))
-		return -EFAULT;
-	return 0;
+	up_read(&usb_bus_type.subsys.rwsem);
+	return copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0;
 }
 
 static int proc_connectinfo(struct dev_state *ps, void __user *arg)