From 2c45b6feb394337b4b468229632b8737375caf1d Mon Sep 17 00:00:00 2001 From: "C. Adam Oldham" Date: Thu, 2 Jun 2005 17:16:34 -0400 Subject: [PATCH] USB: Fix race condition in usblp_write Initialize status fields in the read and write urbs to prevent a race condition with open/read/close - open/write/close sequences. Fixes bug #4432 at bugzilla.kernel.org Signed-off-by: Adam Oldham Signed-off-by: Greg Kroah-Hartman --- drivers/usb/class/usblp.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'drivers/usb/class/usblp.c') diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c index bba22e97ea0..dff134185c1 100644 --- a/drivers/usb/class/usblp.c +++ b/drivers/usb/class/usblp.c @@ -379,6 +379,8 @@ static int usblp_open(struct inode *inode, struct file *file) usblp->writeurb->transfer_buffer_length = 0; usblp->wcomplete = 1; /* we begin writeable */ usblp->rcomplete = 0; + usblp->writeurb->status = 0; + usblp->readurb->status = 0; if (usblp->bidir) { usblp->readcount = 0; -- cgit v1.2.3 From 01205a0e60bb5a66d768b881fb8355981b912510 Mon Sep 17 00:00:00 2001 From: Domen Puncer Date: Sun, 5 Jun 2005 14:46:16 +0200 Subject: [PATCH] USB: usblp: 2x up() in usblp_read up(&usblp->sem) was called twice in a row in this code path. Signed-off-by: Domen Puncer Signed-off-by: Greg Kroah-Hartman --- drivers/usb/class/usblp.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/usb/class/usblp.c') diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c index dff134185c1..7ce43fb8118 100644 --- a/drivers/usb/class/usblp.c +++ b/drivers/usb/class/usblp.c @@ -753,6 +753,7 @@ static ssize_t usblp_read(struct file *file, char __user *buffer, size_t count, schedule(); } else { set_current_state(TASK_RUNNING); + down(&usblp->sem); break; } down (&usblp->sem); -- cgit v1.2.3