Fwd: Re: [PATCH] ugen detach race
Anish Mistry
mistry.7 at osu.edu
Mon Apr 24 14:27:47 UTC 2006
Sending to the usb list as per jhb's suggestion.
---------- Forwarded Message ----------
Subject: Re: [PATCH] ugen detach race
Date: Saturday 22 April 2006 16:22
From: Anish Mistry <mistry.7 at osu.edu>
To: freebsd-current at freebsd.org
Cc: Ian Dowse <iedowse at freebsd.org>
On Saturday 22 April 2006 14:59, Anish Mistry wrote:
> On Wednesday 05 April 2006 04:44, Anish Mistry wrote:
> > On Wednesday 05 April 2006 03:53, Anish Mistry wrote:
> > > While working on getting hplip ported I ran across a race
> > > condition in the ugen code that causes a crash. The following
> > > patch fixes a problem where read, write, and ioctl can be
> > > called during a detach since sc_dying isn't checked before
> > > bumping the reference count. This puts the sc_dying check
> > > before the *_do_* functions are called. This includes the patch
> > > from usb/81308 to prevent polling on the control endpoint. As
> > > well as a few NULL pointer checks from NetBSD. This patch is
> > > applicable to RELENG_6.
> >
> > And CURRENT.
> >
> > > http://am-productions.biz/docs/ugen-detach-race.patch
> > >
> > > This doesn't fix the case where an application has a read/write
> > > pending and then detach is called. In this case destroy_devl
> > > will just keep looping until the read/write completes.
>
> I've updated the patch. It now includes the fix for the panic on
> detach when a process has a device open when a detach occurs. ugen
> now no longer waits for the process to close the connection and
> just cuts it off.
> Applies to RELENG_6 and CURRENT.
>
> http://am-productions.biz/docs/ugen-detach-race.patch
>
> The patch should fix usb/93949 too.
> This seems to fix all the panics I'm seeing with the ugen device.
> It would be nice if this could make it into 6.1.
I added another panic fix. An error was introduced in rev 1.94 on
ugen.c in the USB_SET_CONFIG ioctl case that calls
ugen_make_devnodes. This causes a panic since this logic was moved
to ugen_set_config a while ago. Removing the ugen_make_devnodes()
call from ugen_do_ioctl fixes the problem. This bug made it trivial
to cause a panic when there was access to any ugen device.
http://am-productions.biz/docs/ugen-detach-race.patch
--
Anish Mistry
-------------------------------------------------------
--
Anish Mistry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-usb/attachments/20060424/970e1569/attachment.pgp
More information about the freebsd-usb
mailing list