On 2 September 2011 06:29, Amit Nagal <helloin.amit@xxxxxxxxx> wrote: > Hi , > > In function hidraw_open (linux-3.0.3/drivers/hid/hidraw.c ) , struct > hidraw_list *list should be freed for all error conditions . > Following is patch enclosed for the same : > > Signed-off-by: Amit Nagal <helloin.amit@xxxxxxxxx> Another patch (3a22ebe9cc76acac2511b1d3979a35609924ce42 "HID: hidraw: fix hidraw_disconnect()", pasted below) tried to fix the same problem, but introduced a different problem where the device_destroy in hidraw_disconnect would cause the hidraw to get freed, and then hidraw_disconnect() would go and reference it then try and free it again. I believe that patch should now be reverted, as with this patch the device_destroy will free the list, and won't free the hidraw, allowing hidraw_disconnect to clean it up itself. Does that sound correct? Cheers James commit 3a22ebe9cc76acac2511b1d3979a35609924ce42 Author: Stefan Achatz <erazor_de@xxxxxxxxxxxxxxxxxxxxx> Date: Sat Jan 29 02:17:30 2011 +0100 HID: hidraw: fix hidraw_disconnect() hidraw_disconnect() first sets an entry in hidraw_table to NULL and calls device_destroy() afterwards. The thereby called hidraw_release() tries to read this already cleared value resulting in never removing any device from the list. This got fixed by changing the order of events. Signed-off-by: Stefan Achatz <erazor_de@xxxxxxxxxxxxxxxxxxxxx> Signed-off-by: Jiri Kosina <jkosina@xxxxxxx> diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c index 468e87b..5516ea4 100644 --- a/drivers/hid/hidraw.c +++ b/drivers/hid/hidraw.c @@ -428,12 +428,12 @@ void hidraw_disconnect(struct hid_device *hid) hidraw->exist = 0; + device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); + mutex_lock(&minors_lock); hidraw_table[hidraw->minor] = NULL; mutex_unlock(&minors_lock); - device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); - if (hidraw->open) { hid_hw_close(hid); wake_up_interruptible(&hidraw->wait); > --- > > diff -uprN linux-3.0.3/drivers/hid/hidraw.c.orig > linux-3.0.3/drivers/hid/hidraw.c > --- linux-3.0.3/drivers/hid/hidraw.c.orig 2011-09-01 > 13:23:19.000000000 -0400 > +++ linux-3.0.3/drivers/hid/hidraw.c 2011-09-02 06:25:08.000000000 -0400 > @@ -259,7 +259,6 @@ static int hidraw_open(struct inode *ino > > mutex_lock(&minors_lock); > if (!hidraw_table[minor]) { > - kfree(list); > err = -ENODEV; > goto out_unlock; > } > @@ -285,6 +284,8 @@ static int hidraw_open(struct inode *ino > out_unlock: > mutex_unlock(&minors_lock); > out: > + if (err < 0) > + kfree(list); > return err; > > } > > -- > -- > To unsubscribe from this list: send the line "unsubscribe linux-input" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- James Hogan -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html