Oliver Neukum <oliver@xxxxxxxxxx> writes: > Am Donnerstag, 26. April 2012, 21:19:33 schrieb Bjørn Mork: > >> Looks good! Thanks a lot for figuring that out. I was staring myself >> blind at this. Yes, it looks very obvious when you point it out like >> that. >> >> I had even noticed the unlocked desc->outbuf assignment, but in my >> naĩvity I just tried to move the mutex_lock in front of it. Which of >> course didn't help a bit as the buffer would be used in wdm_out_callback >> >> I guess you'll wrap this up and submit instead of my helpless patch, so >> that this can be fixed for 3.4? > > Did you do enough testing to be sure the race is fixed? Yes, I am pretty sure that it is fixed. The "success rate" of breaking the driver has been 100% for me. I.e. one single attempt has always resulted in a crash. I've now run the test application more than 20 times with your patch applied, without crashing, so it's definitely fixed. And the patch is also quite obviously correct, once you spelled it out like that... Bjørn -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
