svn commit: r287275 - stable/8/sys/dev/usb

Hans Petter Selasky hselasky at FreeBSD.org
Sat Aug 29 06:28:49 UTC 2015


Author: hselasky
Date: Sat Aug 29 06:28:48 2015
New Revision: 287275
URL: https://svnweb.freebsd.org/changeset/base/287275

Log:
  MFC r286799:
  Fix race in USB PF which can happen if we stop tracing exactly when
  the kernel is tapping a USB transfer. This leads to a NULL pointer
  access. The solution is to only trace while the USB bus lock is
  held.

Modified:
  stable/8/sys/dev/usb/usb_pf.c
  stable/8/sys/dev/usb/usb_transfer.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/dev/   (props changed)
  stable/8/sys/dev/usb/   (props changed)

Modified: stable/8/sys/dev/usb/usb_pf.c
==============================================================================
--- stable/8/sys/dev/usb/usb_pf.c	Sat Aug 29 06:23:40 2015	(r287274)
+++ stable/8/sys/dev/usb/usb_pf.c	Sat Aug 29 06:28:48 2015	(r287275)
@@ -103,13 +103,16 @@ usbpf_detach(struct usb_bus *ubus)
 {
 	struct ifnet *ifp = ubus->ifp;
 
+	USB_BUS_LOCK(ubus);
+	ubus->ifp = NULL;
+	USB_BUS_UNLOCK(ubus);
+
 	if (ifp != NULL) {
 		bpfdetach(ifp);
 		if_down(ifp);
 		if_detach(ifp);
 		if_free(ifp);
 	}
-	ubus->ifp = NULL;
 }
 
 static uint32_t
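Review bot: The snapshot `struct ifnet *ifp = ubus->ifp;` at the top of usbpf_detach() is still taken before `USB_BUS_LOCK(ubus)`, so reading the pointer and clearing it are not a single step under the bus lock. If detach can ever run concurrently with another path that writes `ubus->ifp` (none is visible in this hunk), two callers could tear down the same ifnet. Doing `ifp = ubus->ifp;` followed by `ubus->ifp = NULL;` between the lock and the unlock removes that window. A comment such as `/* clear under the bus lock so no tap can observe ifp once teardown starts */` would also record why the NULL store moved ahead of bpfdetach()/if_free().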

Modified: stable/8/sys/dev/usb/usb_transfer.c
==============================================================================
--- stable/8/sys/dev/usb/usb_transfer.c	Sat Aug 29 06:23:40 2015	(r287274)
+++ stable/8/sys/dev/usb/usb_transfer.c	Sat Aug 29 06:28:48 2015	(r287275)
@@ -2291,8 +2291,11 @@ usbd_callback_wrapper(struct usb_xfer_qu
 	}
 
 #if USB_HAVE_PF
-	if (xfer->usb_state != USB_ST_SETUP)
+	if (xfer->usb_state != USB_ST_SETUP) {
+		USB_BUS_LOCK(info->bus);
 		usbpf_xfertap(xfer, USBPF_XFERTAP_DONE);
+		USB_BUS_UNLOCK(info->bus);
+	}
 #endif
 	/* call processing routine */
 	(xfer->callback) (xfer, xfer->error);
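Review bot: Wrapping `usbpf_xfertap(xfer, USBPF_XFERTAP_DONE)` in the bus lock only closes the use-after-free/NULL window if the tap routine reads and NULL-checks the bus `ifp` while the lock is held, and if every other usbpf_xfertap() caller holds the lock too. Neither is visible in this hunk. An assertion at the top of usbpf_xfertap(), for example `USB_BUS_LOCK_ASSERT(bus, MA_OWNED);`, would make that locking contract enforceable on INVARIANTS kernels instead of implicit. It is also worth confirming that no path reaches this point with the bus mutex already owned, since that would recurse on the lock. usbd_callback_wrapper() starts and ends outside the hunk, so the lock state on entry cannot be checked from here.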

