LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Jiri Slaby <jirislaby@gmail.com>
To: jkosina@suse.cz
Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org,
Jiri Slaby <jirislaby@gmail.com>
Subject: [PATCH 1/1] USBHID: correct start/stop cycle
Date: Sat, 1 Nov 2008 23:41:46 +0100 [thread overview]
Message-ID: <1225579306-28524-1-git-send-email-jirislaby@gmail.com> (raw)
`stop' left out usbhid->urb* pointers and so the next `start' thought
it needs to allocate nothing and used the memory pointers previously
pointed to. This led to memory corruption and device malfunction.
Also don't forget to clear disconnect flag on start which was left set
by the previous `stop'.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
---
drivers/hid/usbhid/hid-core.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
index 18e5ddd..f0339ae 100644
--- a/drivers/hid/usbhid/hid-core.c
+++ b/drivers/hid/usbhid/hid-core.c
@@ -781,6 +781,8 @@ static int usbhid_start(struct hid_device *hid)
unsigned int n, insize = 0;
int ret;
+ clear_bit(HID_DISCONNECTED, &usbhid->iofl);
+
usbhid->bufsize = HID_MIN_BUFFER_SIZE;
hid_find_max_report(hid, HID_INPUT_REPORT, &usbhid->bufsize);
hid_find_max_report(hid, HID_OUTPUT_REPORT, &usbhid->bufsize);
@@ -888,6 +890,9 @@ fail:
usb_free_urb(usbhid->urbin);
usb_free_urb(usbhid->urbout);
usb_free_urb(usbhid->urbctrl);
+ usbhid->urbin = NULL;
+ usbhid->urbout = NULL;
+ usbhid->urbctrl = NULL;
hid_free_buffers(dev, hid);
mutex_unlock(&usbhid->setup);
return ret;
@@ -924,6 +929,9 @@ static void usbhid_stop(struct hid_device *hid)
usb_free_urb(usbhid->urbin);
usb_free_urb(usbhid->urbctrl);
usb_free_urb(usbhid->urbout);
+ usbhid->urbin = NULL; /* don't mess up next start */
+ usbhid->urbctrl = NULL;
+ usbhid->urbout = NULL;
hid_free_buffers(hid_to_usb_dev(hid), hid);
mutex_unlock(&usbhid->setup);
--
1.6.0.3
next reply other threads:[~2008-11-01 22:42 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-01 22:41 Jiri Slaby [this message]
2008-11-01 23:02 ` Jiri Kosina
2008-11-01 23:07 ` Jiri Slaby
2008-11-02 10:43 ` Helge Deller
2008-11-02 10:55 ` Jiri Slaby
2008-11-02 16:50 ` Helge Deller
2008-11-02 19:24 ` Denys Vlasenko
2008-11-11 23:22 ` Jiri Kosina
2008-11-12 0:24 ` Denys Vlasenko
2008-11-12 0:34 ` Who broke cb8f488c33 patch? (was Re: [PATCH 1/1] USBHID: correct start/stop cycle) Jiri Kosina
2008-11-12 0:50 ` Andrew Morton
2008-11-12 9:23 ` Jiri Slaby
2008-11-13 15:32 ` Helge Deller
2008-11-13 16:22 ` Linus Torvalds
2008-11-11 22:52 ` [PATCH 1/1] USBHID: correct start/stop cycle Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1225579306-28524-1-git-send-email-jirislaby@gmail.com \
--to=jirislaby@gmail.com \
--cc=jkosina@suse.cz \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--subject='Re: [PATCH 1/1] USBHID: correct start/stop cycle' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).