From: Alan Stern
Date: Thu, 6 Oct 2005 20:38:45 +0000 (-0400)
Subject: [PATCH] g_file_storage: fix obscure race condition
X-Git-Tag: firefly_0821_release~39876^2~63^2~5^2~50
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a922c68732725866c88457026cf06a7620846506;p=firefly-linux-kernel-4.4.55.git
[PATCH] g_file_storage: fix obscure race condition
This patch (as575) fixes an unlikely race in the g_file_storage driver. The problem can occur only when the driver is unbound before its initialization routine has finished. I also took the opportunity to replace kmalloc/memset with kzalloc.
Signed-off-by: Alan Stern
Signed-off-by: Greg Kroah-Hartman
---
diff --git a/drivers/usb/gadget/file_storage.c b/drivers/usb/gadget/file_storage.c
index 241c570e541c..86a6aeb9ed76 100644
--- a/drivers/usb/gadget/file_storage.c
+++ b/drivers/usb/gadget/file_storage.c
@@ -3823,12 +3823,11 @@ static int __init fsg_bind(struct usb_gadget *gadget)
 /* Create the LUNs, open their backing files, and register the
 * LUN devices in sysfs. */
- fsg->luns = kmalloc(i * sizeof(struct lun), GFP_KERNEL);
+ fsg->luns = kzalloc(i * sizeof(struct lun), GFP_KERNEL);
 if (!fsg->luns) {
 rc = -ENOMEM;
 goto out;
 }
- memset(fsg->luns, 0, i * sizeof(struct lun));
 fsg->nluns = i;
 for (i = 0; i < fsg->nluns; ++i) {
@@ -3989,6 +3988,11 @@ static int __init fsg_bind(struct usb_gadget *gadget)
 mod_data.removable, mod_data.can_stall, mod_data.buflen);
 DBG(fsg, "I/O thread pid: %d\n", fsg->thread_task->pid);
+
+ set_bit(REGISTERED, &fsg->atomic_bitflags);
+
+ /* Tell the thread to start working */
+ wake_up_process(fsg->thread_task);
 return 0;
 autoconf_fail:
@@ -4051,10 +4055,9 @@ static int __init fsg_alloc(void)
 {
 struct fsg_dev *fsg;
- fsg = kmalloc(sizeof *fsg, GFP_KERNEL);
+ fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
 if (!fsg)
 return -ENOMEM;
- memset(fsg, 0, sizeof *fsg);
 spin_lock_init(&fsg->lock);
 init_rwsem(&fsg->filesem);
 init_waitqueue_head(&fsg->thread_wqh);
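Review bot: The allocation size in the first fsg_bind hunk (@@ -3823) is still the open-coded product `i * sizeof(struct lun)`, which wraps silently if `i` is ever large. Since the line is being touched anyway, `fsg->luns = kcalloc(i, sizeof(struct lun), GFP_KERNEL);` zeroes the array and lets the allocator reject an overflowing count. Where `i` comes from and whether it is bounded is not visible in this hunk, so the risk may be theoretical here, but the loop that follows walks `fsg->nluns` entries and relies on the buffer really being that large. fsg_bind starts and ends outside the hunk.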
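Review bot: The new `set_bit(REGISTERED, &fsg->atomic_bitflags);` and `wake_up_process(fsg->thread_task);` at the end of fsg_bind (@@ -3989) have no comment saying why they now live in the bind callback, and that placement is the whole fix. I would add above the set_bit something like `/* Set REGISTERED and start the thread here, not in fsg_init(): unbind can run before usb_gadget_register_driver() returns */`, which is my reading of the commit message and of the lines removed from fsg_init. The two calls sit on the success path just before `return 0;`, presumably so that no failure exit of fsg_bind leaves the flag set. The error labels such as `autoconf_fail` are only partly visible here, so that should be confirmed against the full function.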
@@ -4080,15 +4083,9 @@ static int __init fsg_init(void)
 if ((rc = fsg_alloc()) != 0)
 return rc;
 fsg = the_fsg;
- if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0) {
+ if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0)
 fsg_free(fsg);
- return rc;
- }
- set_bit(REGISTERED, &fsg->atomic_bitflags);
-
- /* Tell the thread to start working */
- wake_up_process(fsg->thread_task);
- return 0;
+ return rc;
 }
 module_init(fsg_init);
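Review bot: With the thread now woken inside fsg_bind, the failure branch `fsg_free(fsg);` in fsg_init could run after the thread has started, if usb_gadget_register_driver() is able to return non-zero once bind has succeeded. Neither fsg_free() nor the controller driver's failure handling is visible on this page, so this may already be covered by an unbind call. The assumption still deserves a comment on that branch, for example `/* registration failed: bind either failed or was undone by unbind, so the thread is not running */`. Separately, the brace-less `if` with an assignment in its condition, followed directly by `return rc;`, is easy to misread; `rc = usb_gadget_register_driver(&fsg_driver);` on its own line and a braced `if (rc != 0)` would be clearer.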