USB: fix locking in idmouse
Pete caused me to lock at buggy drivers in this respect. The idmouse has
a race between open and disconnect. This patch
- solves the open/disconnect race
- switches locking to mutexes
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff --git a/drivers/usb/misc/idmouse.c b/drivers/usb/misc/idmouse.c
index e6fd024..4bcf7fb 100644
--- a/drivers/usb/misc/idmouse.c
+++ b/drivers/usb/misc/idmouse.c
@@ -66,6 +66,7 @@
USB_TYPE_VENDOR | USB_RECIP_ENDPOINT | USB_DIR_OUT, value, index, NULL, 0, 1000)
MODULE_DEVICE_TABLE(usb, idmouse_table);
+static DEFINE_MUTEX(open_disc_mutex);
/* structure to hold all of our device specific stuff */
struct usb_idmouse {
@@ -80,7 +81,7 @@
int open; /* if the port is open or not */
int present; /* if the device is not disconnected */
- struct semaphore sem; /* locks this structure */
+ struct mutex lock; /* locks this structure */
};
@@ -213,13 +214,17 @@
if (!interface)
return -ENODEV;
+ mutex_lock(&open_disc_mutex);
/* get the device information block from the interface */
dev = usb_get_intfdata(interface);
- if (!dev)
+ if (!dev) {
+ mutex_unlock(&open_disc_mutex);
return -ENODEV;
+ }
/* lock this device */
- down(&dev->sem);
+ mutex_lock(&dev->lock);
+ mutex_unlock(&open_disc_mutex);
/* check if already open */
if (dev->open) {
@@ -245,7 +250,7 @@
error:
/* unlock this device */
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
return result;
}
@@ -258,12 +263,14 @@
if (dev == NULL)
return -ENODEV;
+ mutex_lock(&open_disc_mutex);
/* lock our device */
- down(&dev->sem);
+ mutex_lock(&dev->lock);
/* are we really open? */
if (dev->open <= 0) {
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
+ mutex_unlock(&open_disc_mutex);
return -ENODEV;
}
@@ -271,10 +278,12 @@
if (!dev->present) {
/* the device was unplugged before the file was released */
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
+ mutex_unlock(&open_disc_mutex);
idmouse_delete(dev);
} else {
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
+ mutex_unlock(&open_disc_mutex);
}
return 0;
}
@@ -286,18 +295,18 @@
int result;
/* lock this object */
- down(&dev->sem);
+ mutex_lock(&dev->lock);
/* verify that the device wasn't unplugged */
if (!dev->present) {
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
return -ENODEV;
}
result = simple_read_from_buffer(buffer, count, ppos,
dev->bulk_in_buffer, IMGSIZE);
/* unlock the device */
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
return result;
}
@@ -320,7 +329,7 @@
if (dev == NULL)
return -ENOMEM;
- init_MUTEX(&dev->sem);
+ mutex_init(&dev->lock);
dev->udev = udev;
dev->interface = interface;
@@ -372,24 +381,26 @@
/* get device structure */
dev = usb_get_intfdata(interface);
- usb_set_intfdata(interface, NULL);
/* give back our minor */
usb_deregister_dev(interface, &idmouse_class);
- /* lock it */
- down(&dev->sem);
+ mutex_lock(&open_disc_mutex);
+ usb_set_intfdata(interface, NULL);
+ /* lock the device */
+ mutex_lock(&dev->lock);
+ mutex_unlock(&open_disc_mutex);
/* prevent device read, write and ioctl */
dev->present = 0;
/* if the device is opened, idmouse_release will clean this up */
if (!dev->open) {
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
idmouse_delete(dev);
} else {
/* unlock */
- up(&dev->sem);
+ mutex_unlock(&dev->lock);
}
info("%s disconnected", DRIVER_DESC);