mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-16 16:54:20 +08:00
0d3e5a2e39
There's no check to see if the device is already bound to a driver, which could do bad things. The first thing to go wrong is that it will try to match a driver with a device already bound to one. In some cases (it appears with USB with drivers/usb/core/usb.c::usb_match_id()), some drivers will match a device based on the class type, so it would be common (especially for HID devices) to match a device that is already bound. The fun comes when ->probe() is called, it fails, then driver_probe_device() does this: dev->driver = NULL; Later on, that pointer could be be dereferenced without checking and cause hell to break loose. This problem could be nasty. It's very hardware dependent, since some devices could have a different set of matching qualifiers than others. Now, I don't quite see exactly where/how you were getting that crash. You're dereferencing bad memory, but I'm not sure which pointer was bad and where it came from, but it could have come from a couple of different places. The patch below will hopefully fix it all up for you. It's against 2.6.12-rc2-mm1, and does the following: - Move logic to driver_probe_device() and comments uncommon returns: 1 - If device is bound 0 - If device not bound, and no error error - If there was an error. - Move locking to caller of that function, since we want to lock a device for the entire time we're trying to bind it to a driver (to prevent against a driver being loaded at the same time). - Update __device_attach() and __driver_attach() to do that locking. - Check if device is already bound in __driver_attach() - Update the converse device_release_driver() so it locks the device around all of the operations. - Mark driver_probe_device() as static and remove export. It's an internal function, it should stay that way, and there are no other callers. If there is ever a need to export it, we can audit it as necessary. Signed-off-by: Andrew Morton <akpm@osdl.org> |
||
|---|---|---|
| .. | ||
| acorn | ||
| acpi | ||
| atm | ||
| base | ||
| block | ||
| bluetooth | ||
| cdrom | ||
| char | ||
| cpufreq | ||
| crypto | ||
| dio | ||
| eisa | ||
| fc4 | ||
| firmware | ||
| i2c | ||
| ide | ||
| ieee1394 | ||
| infiniband | ||
| input | ||
| isdn | ||
| macintosh | ||
| mca | ||
| md | ||
| media | ||
| message | ||
| misc | ||
| mmc | ||
| mtd | ||
| net | ||
| nubus | ||
| oprofile | ||
| parisc | ||
| parport | ||
| pci | ||
| pcmcia | ||
| pnp | ||
| s390 | ||
| sbus | ||
| scsi | ||
| serial | ||
| sh | ||
| sn | ||
| tc | ||
| telephony | ||
| usb | ||
| video | ||
| w1 | ||
| zorro | ||
| Kconfig | ||
| Makefile | ||