diff options
author | Alan Stern <stern@rowland.harvard.edu> | 2005-10-06 16:38:45 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2005-10-28 16:47:43 -0700 |
commit | a922c68732725866c88457026cf06a7620846506 (patch) | |
tree | e859a07f850fa62fc7e8494737b9a4830fdb936c /drivers/usb/gadget | |
parent | 3f8c03ee05801bf8539dd136d9246a416c45052a (diff) | |
download | op-kernel-dev-a922c68732725866c88457026cf06a7620846506.zip op-kernel-dev-a922c68732725866c88457026cf06a7620846506.tar.gz |
[PATCH] g_file_storage: fix obscure race condition
This patch (as575) fixes an unlikely race in the g_file_storage driver.
The problem can occur only when the driver is unbound before its
initialization routine has finished.
I also took the opportunity to replace kmalloc/memset with kzalloc.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/gadget')
-rw-r--r-- | drivers/usb/gadget/file_storage.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/drivers/usb/gadget/file_storage.c b/drivers/usb/gadget/file_storage.c index 241c570..86a6aeb 100644 --- a/drivers/usb/gadget/file_storage.c +++ b/drivers/usb/gadget/file_storage.c @@ -3823,12 +3823,11 @@ static int __init fsg_bind(struct usb_gadget *gadget) /* Create the LUNs, open their backing files, and register the * LUN devices in sysfs. */ - fsg->luns = kmalloc(i * sizeof(struct lun), GFP_KERNEL); + fsg->luns = kzalloc(i * sizeof(struct lun), GFP_KERNEL); if (!fsg->luns) { rc = -ENOMEM; goto out; } - memset(fsg->luns, 0, i * sizeof(struct lun)); fsg->nluns = i; for (i = 0; i < fsg->nluns; ++i) { @@ -3989,6 +3988,11 @@ static int __init fsg_bind(struct usb_gadget *gadget) mod_data.removable, mod_data.can_stall, mod_data.buflen); DBG(fsg, "I/O thread pid: %d\n", fsg->thread_task->pid); + + set_bit(REGISTERED, &fsg->atomic_bitflags); + + /* Tell the thread to start working */ + wake_up_process(fsg->thread_task); return 0; autoconf_fail: @@ -4051,10 +4055,9 @@ static int __init fsg_alloc(void) { struct fsg_dev *fsg; - fsg = kmalloc(sizeof *fsg, GFP_KERNEL); + fsg = kzalloc(sizeof *fsg, GFP_KERNEL); if (!fsg) return -ENOMEM; - memset(fsg, 0, sizeof *fsg); spin_lock_init(&fsg->lock); init_rwsem(&fsg->filesem); init_waitqueue_head(&fsg->thread_wqh); @@ -4080,15 +4083,9 @@ static int __init fsg_init(void) if ((rc = fsg_alloc()) != 0) return rc; fsg = the_fsg; - if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0) { + if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0) fsg_free(fsg); - return rc; - } - set_bit(REGISTERED, &fsg->atomic_bitflags); - - /* Tell the thread to start working */ - wake_up_process(fsg->thread_task); - return 0; + return rc; } module_init(fsg_init); |