This patch (as1310) works around a race in dev_driver_string(). If
the device is unbound while the function is running, dev->driver might
become NULL after we test it and before we dereference it.
Signed-off-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
CC: stable@xxxxxxxxxx
---
Oliver:
We don't have to worry about the device structure being deallocated
while the routine is running. If that happens it's a bug in the
caller: improper refcounting.
Alan Stern
Index: usb-2.6/drivers/base/core.c
===================================================================
--- usb-2.6.orig/drivers/base/core.c
+++ usb-2.6/drivers/base/core.c
@@ -56,7 +56,14 @@ static inline int device_is_not_partitio
*/
const char *dev_driver_string(const struct device *dev)
{
- return dev->driver ? dev->driver->name :
+ struct device_driver *drv;
+
+ /* dev->driver can change to NULL underneath us because of unbinding,
+ * so be careful about accessing it. dev->bus and dev->class should
+ * never change once they are set, so they don't need special care.
+ */
+ drv = ACCESS_ONCE(dev->driver);
+ return drv ? drv->name :
(dev->bus ? dev->bus->name :
(dev->class ? dev->class->name : ""));
}
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
