Re: [PATCH] usbfs: Fix oops related to user namespace conversion.

Greg,

The oops that this patch fixes should be applied to 3.2.

Are we late enough in the release cycle that I should send this patch as
an update for 3.3 with a note for stable?  Or do you think Linus will
pull from you one more time before 3.2?

Sarah Sharp

On Sun, Dec 18, 2011 at 08:49:41PM -0600, Serge Hallyn wrote:
> Quoting Alan Stern (stern@xxxxxxxxxxxxxxxxxxx):
> > On Fri, 16 Dec 2011, Sarah Sharp wrote:
> > 
> > > When running the Point Grey "flycap" program for their USB 3.0 camera
> > > (which was running as a USB 2.0 device for some reason), I trigger this
> > > oops whenever I try to open a video stream:
> > ...
> > > markup_oops.pl says the oops is in put_cred:
> > ...
> > 
> > > This bug seems to have been introduced by commit
> > > d178bc3a708f39cbfefc3fab37032d3f2511b4ec "user namespace: usb: make usb
> > > urbs user namespace aware (v2)"
> > > 
> > > I'm not sure if this is the right fix, but it does stop the oops.
> > > 
> > > Unfortunately, the Point Grey software still refuses to work, but it's a
> > > closed source app, so I can't fix it.
> > > 
> > > Signed-off-by: Sarah Sharp <sarah.a.sharp@xxxxxxxxxxxxxxx>
> > > Cc: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> 
> Thanks, Sarah.
> 
> Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> 
> > > ---
> > >  drivers/usb/core/devio.c |    3 ++-
> > >  1 files changed, 2 insertions(+), 1 deletions(-)
> > > 
> > > diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> > > index d8cf06f..3af5e2d 100644
> > > --- a/drivers/usb/core/devio.c
> > > +++ b/drivers/usb/core/devio.c
> > > @@ -286,7 +286,8 @@ static struct async *alloc_async(unsigned int numisoframes)
> > >  static void free_async(struct async *as)
> > >  {
> > >  	put_pid(as->pid);
> > > -	put_cred(as->cred);
> > > +	if (as->cred)
> > > +		put_cred(as->cred);
> > >  	kfree(as->urb->transfer_buffer);
> > >  	kfree(as->urb->setup_packet);
> > >  	usb_free_urb(as->urb);
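Review bot: the `if (as->cred)` guard added in free_async() carries no comment saying when cred can legitimately be NULL, and it is only safe if the struct is zero-initialized at allocation so that an unassigned cred reads as NULL rather than as garbage. Please confirm that alloc_async() zeroes the struct and add a one-line comment above the check noting that free_async() can run on an error path before cred is assigned. The neighbouring `put_pid(as->pid);` stays unconditional and is reached on the same early-free paths, so the changelog should say why that call needs no guard. The changelog's own "I'm not sure if this is right fix" should also be replaced with the actual cause once it is known.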
> > 
> > This is a reasonable fix.  It turns out there are a couple of error
> > paths by which a struct async can be freed before its .cred member has
> > been set.  The alternative fix is to move the statement initializing
> > as->cred up earlier, before those errors occur.  But what you did is
> > probably more robust.
> > 
> > The most likely error, which didn't exist when commit d178bc3a708f39
> > was written, is that the usbfs memory limit was exceeded.  You can see
> > if increasing that limit helps "flycap" at all.  (The other error path
> > happens when kmalloc fails to get enough memory for the URB's transfer
> > buffer.)
> > 
> > Alan Stern
> > 
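The two early-free error paths Alan Stern describes (usbfs memory limit exceeded, transfer buffer allocation failure) can be modelled in user space to check that a guarded teardown keeps the credential reference count balanced. This is an added example, not code from the thread or from the kernel; every `*_model` name and the `fail_at` parameter are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: the *_model names are hypothetical stand-ins,
 * not the kernel's struct cred / struct async definitions. */
struct cred_model { int usage; };          /* reference-counted credential */
struct async_model {
    struct cred_model *cred;               /* NULL until submission assigns it */
    void *transfer_buffer;
};

static struct cred_model *get_cred_model(struct cred_model *c) { c->usage++; return c; }
static void put_cred_model(struct cred_model *c) { c->usage--; }  /* dereferences c: NULL would fault */

/* Guarded teardown: safe at any stage of initialization. */
static void free_async_model(struct async_model *as)
{
    if (as->cred)
        put_cred_model(as->cred);
    free(as->transfer_buffer);             /* free(NULL) is a no-op */
    free(as);
}

/* fail_at: 0 = success, 1 = memory limit exceeded, 2 = buffer allocation failed.
 * Returns 0 on success, -1 when an error path frees a partially set-up object. */
static int submit_model(struct cred_model *current_cred, int fail_at, size_t len)
{
    struct async_model *as = calloc(1, sizeof(*as));   /* zeroed: cred starts NULL */
    if (!as)
        return -1;
    if (fail_at == 1)
        goto error;                        /* cred not assigned yet */
    as->transfer_buffer = (fail_at == 2) ? NULL : malloc(len);
    if (!as->transfer_buffer)
        goto error;                        /* cred not assigned yet */
    as->cred = get_cred_model(current_cred);
    free_async_model(as);                  /* completion drops the reference */
    return 0;
error:
    free_async_model(as);
    return -1;
}

int main(void)
{
    struct cred_model c = { 1 };           /* constructed sample: one existing reference */
    for (int f = 0; f <= 2; f++)
        printf("fail_at=%d rc=%d usage=%d\n", f, submit_model(&c, f, 64), c.usage);
    return 0;
}
```

Removing the `if (as->cred)` line makes both failing cases dereference a NULL pointer, which is the shape of the oops reported in the thread.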