• Alan Stern's avatar
    USB: fix crash when URBs are unlinked after the device is gone · cde217a5
    Alan Stern authored
    This patch (as1151) protects usbcore against drivers that try to
    unlink an URB after the URB's device or bus have been removed.  The
    core does not currently check for this, and certain drivers can cause
    a crash if they are running while an HCD is unloaded.
    
    Certainly it would be best to fix the guilty drivers.  But a little
    defensive programming doesn't hurt, especially since it appears that
    quite a few drivers need to be fixed.
    
    The patch prevents the problem by grabbing a reference to the device
    while an unlink is in progress and using a new spinlock to synchronize
    unlinks with device removal.  (There's no need to acquire a reference
    to the bus as well, since the device structure itself keeps a
    reference to the bus.)  In addition, the kerneldoc is updated to
    indicate that URBs should not be unlinked after the disconnect method
    returns.
    Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
    Cc: stable <stable@kernel.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    cde217a5
hub.c 98.7 KB