Date:      Mon, 24 Apr 2006 08:32:57 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-current@freebsd.org
Cc:        Ian Dowse <iedowse@freebsd.org>
Subject:   Re: [PATCH] ugen detach race
Message-ID:  <200604240832.58929.jhb@freebsd.org>
In-Reply-To: <200604221622.14785.mistry.7@osu.edu>
References:  <200604050354.19659.mistry.7@osu.edu> <200604221459.43050.mistry.7@osu.edu> <200604221622.14785.mistry.7@osu.edu>

On Saturday 22 April 2006 04:22 pm, Anish Mistry wrote:
> On Saturday 22 April 2006 14:59, Anish Mistry wrote:
> > On Wednesday 05 April 2006 04:44, Anish Mistry wrote:
> > > On Wednesday 05 April 2006 03:53, Anish Mistry wrote:
> > > > 	While working on getting hplip ported I ran across a race
> > > > condition in the ugen code that causes a crash.  The following
> > > > patch fixes a problem where read, write, and ioctl can be
> > > > called during a detach since sc_dying isn't checked before
> > > > bumping the reference count. This puts the sc_dying check
> > > > before the *_do_* functions are called. This includes the patch
> > > > from usb/81308 to prevent polling on the control endpoint.  As
> > > > well as a few NULL pointer checks from NetBSD. This patch is
> > > > applicable to RELENG_6.
> > >
> > > And CURRENT.
> > >
> > > > http://am-productions.biz/docs/ugen-detach-race.patch
> > > >
> > > > This doesn't fix the case where an application has a read/write
> > > > pending and then detach is called.  In this case destroy_devl
> > > > will just keep looping until the read/write completes.
> >
> > I've updated the patch.  It now includes the fix for the panic on
> > detach when a process has a device open when a detach occurs.  ugen
> > now no longer waits for the process to close the connection and
> > just cuts it off.
> > Applies to RELENG_6 and CURRENT.
> >
> > http://am-productions.biz/docs/ugen-detach-race.patch
> >
> > The patch should fix usb/93949 too.
> > This seems to fix all the panics I'm seeing with the ugen device.
> > It would be nice if this could make it into 6.1.
>
> I added another panic fix.  An error was introduced in rev 1.94 on
> ugen.c in the USB_SET_CONFIG ioctl case that calls
> ugen_make_devnodes.  This causes a panic since this logic was moved
> to ugen_set_config a while ago.  Removing the ugen_make_devnodes()
> call from ugen_do_ioctl fixes the problem.  This bug made it trivial
> to cause a panic when there was access to any ugen device.
>
> http://am-productions.biz/docs/ugen-detach-race.patch

Might want to send it to freebsd-usb@ to get more usb-aware folks to review
it.

-- 
John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
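
The ordering problem described in the quoted report (read, write and ioctl bumping the reference count without first checking sc_dying), as an added example that is not part of the original thread or the linked patch. It is a single-threaded user-space model: `struct softc`, `ep_valid`, `stale_uses`, `do_io`, `io_entry_*`, `detach`, `run_schedule` and the `EIO`/`EFAULT` return values are assumptions made for illustration, not names or behaviour taken from ugen.c.

```c
/* Constructed user-space model; field names follow the report, not ugen.c. */
#include <errno.h>
#include <stdbool.h>

struct softc {
    bool sc_dying;   /* set once detach has started */
    int  sc_refcnt;  /* read/write/ioctl calls in flight */
    bool ep_valid;   /* stands in for state that detach tears down */
    int  stale_uses; /* I/O calls that reached torn-down state */
};

/* Stand-in for the *_do_* functions, which assume live endpoint state. */
static int do_io(struct softc *sc)
{
    if (sc->ep_valid)
        return 0;
    sc->stale_uses++;      /* in a kernel this is where the crash would be */
    return EFAULT;
}

/* Shared body: optionally test sc_dying before bumping the reference count. */
static int io_entry(struct softc *sc, bool check_dying)
{
    if (check_dying && sc->sc_dying)
        return EIO;        /* errno chosen for the model (assumption) */
    sc->sc_refcnt++;
    int error = do_io(sc);
    sc->sc_refcnt--;
    return error;
}

int io_entry_unchecked(struct softc *sc) { return io_entry(sc, false); }
int io_entry_checked(struct softc *sc)   { return io_entry(sc, true); }

void detach(struct softc *sc)
{
    sc->sc_dying = true;
    sc->ep_valid = false;
}

/* Constructed schedule: one call before detach, one after it has started.
 * Single-threaded; a real driver must also serialize the check with detach. */
int run_schedule(int (*entry)(struct softc *))
{
    struct softc sc = { false, 0, true, 0 };
    entry(&sc);
    detach(&sc);
    entry(&sc);
    return sc.stale_uses;
}
```

`run_schedule(io_entry_unchecked)` counts one call that reached torn-down state, while `run_schedule(io_entry_checked)` counts none because the late call is refused before the reference is taken.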