Re: [BUG] oops while completing async USB via usbdevio

From: Harald Welte
Date: Mon May 30 2005 - 16:30:57 EST

Next message: J.A. Magallon: "Re: [RFT][PATCH] aic79xx: remove busyq"
Previous message: Adrian Bunk: "[2.6 patch] drivers/media/common/saa7146_fops.c: make a function static"
In reply to: Harald Welte: "[BUG] oops while completing async USB via usbdevio"
Next in thread: David Brownell: "Re: [linux-usb-devel] Re: [BUG] oops while completing async USB via usbdevio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 30, 2005 at 09:44:44PM +0200, Harald Welte wrote:
> I think there is currently no protection/locking/refcounting going on.
>
> If a process issues an URB from userspace and starts to terminate before
> the URB comes back, we run into the issue described above. This is
> because the urb saves a pointer to "current" when it is posted to the
> device, but there's no guarantee that this pointer is still valid
> afterwards.
>
> I'm not familiar with the scheduler code to decide what fix
> is the way to go. Is it sufficient to do {get,put}_task_struct() from
> the usb code?

mh. it appears like it's sighand which disappears, not the task itself.

I've tried the following patch:

Index: linux-2.6.12-rc5/kernel/signal.c
===================================================================
--- linux-2.6.12-rc5.orig/kernel/signal.c 2005-05-30 18:23:55.000000000 +0200
+++ linux-2.6.12-rc5/kernel/signal.c 2005-05-30 23:20:49.000000000 +0200
@@ -1258,6 +1258,15 @@
if (!valid_signal(sig))
return -EINVAL;

+ if (!p) {
+ printk("%s p == NULL\n");
+ return -EINVAL;
+ }
+ if (!p->sighand) {
+ printk("%s:%u p->sighand == NULL\n", __FUNCTION__, p->pid);
+ return -EINVAL;
+ }
+
/*
* We need the tasklist lock even for the specific
* thread case (when we don't need to follow the group

and it prints "p->sighand == NULL" every time I exit a program while
using the usbdevio based driver.

consequently, the following patch 'fixed' the problem. Please do not
consider this as a real fix, since there's certainly still a race
condition left. Please use it as a hint to correctly fix the problem.

Index: linux-2.6.12-rc5/drivers/usb/core/devio.c
===================================================================
--- linux-2.6.12-rc5.orig/drivers/usb/core/devio.c 2005-05-26 15:49:57.000000000 +0200
+++ linux-2.6.12-rc5/drivers/usb/core/devio.c 2005-05-30 23:21:06.000000000 +0200
@@ -283,7 +283,8 @@
sinfo.si_errno = as->urb->status;
sinfo.si_code = SI_ASYNCIO;
sinfo.si_addr = as->userurb;
- send_sig_info(as->signr, &sinfo, as->task);
+ if (as->task && as->task->sighand)
+ send_sig_info(as->signr, &sinfo, as->task);
}
wake_up(&ps->wait);
}

Thanks,
--
- Harald Welte <laforge@xxxxxxxxxxxx> http://gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)

Attachment: pgp00000.pgp
Description: PGP signature

Next message: J.A. Magallon: "Re: [RFT][PATCH] aic79xx: remove busyq"
Previous message: Adrian Bunk: "[2.6 patch] drivers/media/common/saa7146_fops.c: make a function static"
In reply to: Harald Welte: "[BUG] oops while completing async USB via usbdevio"
Next in thread: David Brownell: "Re: [linux-usb-devel] Re: [BUG] oops while completing async USB via usbdevio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]