LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Jiri Kosina <jkosina@suse.cz>
To: Jiri Slaby <jirislaby@gmail.com>, Jeroen Roovers <jer@gentoo.org>,
Helge Deller <deller@gmx.de>
Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] USBHID: correct start/stop cycle
Date: Sun, 2 Nov 2008 00:02:47 +0100 (CET) [thread overview]
Message-ID: <alpine.LNX.1.10.0811020000360.29633@jikos.suse.cz> (raw)
In-Reply-To: <1225579306-28524-1-git-send-email-jirislaby@gmail.com>
On Sat, 1 Nov 2008, Jiri Slaby wrote:
> `stop' left out usbhid->urb* pointers and so the next `start' thought
> it needs to allocate nothing and used the memory pointers previously
> pointed to. This led to memory corruption and device malfunction.
>
> Also don't forget to clear disconnect flag on start which was left set
> by the previous `stop'.
>
> Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
> ---
> drivers/hid/usbhid/hid-core.c | 8 ++++++++
> 1 files changed, 8 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
> index 18e5ddd..f0339ae 100644
> --- a/drivers/hid/usbhid/hid-core.c
> +++ b/drivers/hid/usbhid/hid-core.c
> @@ -781,6 +781,8 @@ static int usbhid_start(struct hid_device *hid)
> unsigned int n, insize = 0;
> int ret;
>
> + clear_bit(HID_DISCONNECTED, &usbhid->iofl);
> +
> usbhid->bufsize = HID_MIN_BUFFER_SIZE;
> hid_find_max_report(hid, HID_INPUT_REPORT, &usbhid->bufsize);
> hid_find_max_report(hid, HID_OUTPUT_REPORT, &usbhid->bufsize);
> @@ -888,6 +890,9 @@ fail:
> usb_free_urb(usbhid->urbin);
> usb_free_urb(usbhid->urbout);
> usb_free_urb(usbhid->urbctrl);
> + usbhid->urbin = NULL;
> + usbhid->urbout = NULL;
> + usbhid->urbctrl = NULL;
> hid_free_buffers(dev, hid);
> mutex_unlock(&usbhid->setup);
> return ret;
> @@ -924,6 +929,9 @@ static void usbhid_stop(struct hid_device *hid)
> usb_free_urb(usbhid->urbin);
> usb_free_urb(usbhid->urbctrl);
> usb_free_urb(usbhid->urbout);
> + usbhid->urbin = NULL; /* don't mess up next start */
> + usbhid->urbctrl = NULL;
> + usbhid->urbout = NULL;
>
> hid_free_buffers(hid_to_usb_dev(hid), hid);
> mutex_unlock(&usbhid->setup);
Jeroen, Helge,
could you please verify whether this patch fixes the corruption you were
experiencing?
[ I will be offline for the upcoming ~9 days, will push the fix upstream
then, if it is not picked up through different channels in the
meantime ]
Thanks!
--
Jiri Kosina
SUSE Labs
next prev parent reply other threads:[~2008-11-01 23:02 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-01 22:41 Jiri Slaby
2008-11-01 23:02 ` Jiri Kosina [this message]
2008-11-01 23:07 ` Jiri Slaby
2008-11-02 10:43 ` Helge Deller
2008-11-02 10:55 ` Jiri Slaby
2008-11-02 16:50 ` Helge Deller
2008-11-02 19:24 ` Denys Vlasenko
2008-11-11 23:22 ` Jiri Kosina
2008-11-12 0:24 ` Denys Vlasenko
2008-11-12 0:34 ` Who broke cb8f488c33 patch? (was Re: [PATCH 1/1] USBHID: correct start/stop cycle) Jiri Kosina
2008-11-12 0:50 ` Andrew Morton
2008-11-12 9:23 ` Jiri Slaby
2008-11-13 15:32 ` Helge Deller
2008-11-13 16:22 ` Linus Torvalds
2008-11-11 22:52 ` [PATCH 1/1] USBHID: correct start/stop cycle Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LNX.1.10.0811020000360.29633@jikos.suse.cz \
--to=jkosina@suse.cz \
--cc=deller@gmx.de \
--cc=jer@gentoo.org \
--cc=jirislaby@gmail.com \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--subject='Re: [PATCH 1/1] USBHID: correct start/stop cycle' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).