[PATCH] USB usbfs: missing lock in proc_getdriver

Hi Oliver, > I expect it to rarely matter, but it might matter now and then. It's > just a question of hygiene. If you are using a temporary buffer I'd > like to see it used to full advantage. So either drop the lock or do > a direct copy. I'd prefer the first option your patch implemented. I agree. Greg, please consider applying the updated patch: Protect against driver binding changes while reading the driver name.

[PATCH] USB usbfs: missing lock in proc_getdriver
Hi Oliver, > I expect it to rarely matter, but it might matter now and then. It's > just a question of hygiene. If you are using a temporary buffer I'd > like to see it used to full advantage. So either drop the lock or do > a direct copy. I'd prefer the first option your patch implemented. I agree. Greg, please consider applying the updated patch: Protect against driver binding changes while reading the driver name.
c057908f · Duncan Sands · Greg Kroah-Hartman · d4b73114 · c057908f
Commit c057908f authored Apr 23, 2004 by Duncan Sands Committed by Greg Kroah-Hartman Apr 23, 2004
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

drivers/usb/core/devio.c drivers/usb/core/devio.c +6 -4

No files found.
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -708,13 +708,15 @@ static int proc_getdriver(struct dev_state *ps, void __user *arg)
 		return -EFAULT;
 	if ((ret = findintfif(ps->dev, gd.interface)) < 0)
 		return ret;
+	down_read(&usb_bus_type.subsys.rwsem);
 	interface = ps->dev->actconfig->interface[ret];
-	if (!interface->dev.driver)
+	if (!interface || !interface->dev.driver) {
+		up_read(&usb_bus_type.subsys.rwsem);
 		return -ENODATA;
+	}
 	strncpy(gd.driver, interface->dev.driver->name, sizeof(gd.driver));
-	if (copy_to_user(arg, &gd, sizeof(gd)))
-		return -EFAULT;
-	return 0;
+	up_read(&usb_bus_type.subsys.rwsem);
+	return copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0;
 }

 static int proc_connectinfo(struct dev_state *ps, void __user *arg)