Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/dev/usb fix a locking botch in ucomhwiflow():



details:   https://anonhg.NetBSD.org/src/rev/b6b5d9b91c71
branches:  trunk
changeset: 456274:b6b5d9b91c71
user:      mrg <mrg%NetBSD.org@localhost>
date:      Wed May 01 06:01:01 2019 +0000

description:
fix a locking botch in ucomhwiflow():

tty.c always calls t_hwiflow() with tty_lock held, and the caller
of this for ucom always holds sc->sc_lock when calling down into
the tty layer.

don't try to re-take the sc_lock in ucomhwiflow() (locking against
myself is triggered here currently), but instead assert that the
lock is already held _and_ that tty_lock is held.


in ucom_detach(), when closing pipes set sc_bulkin_pipe and
sc_bulkout_pipe to NULL.  fixes bug noticed by code inspection:
a failed detach would attempt to close them a second time.

diffstat:

 sys/dev/usb/ucom.c |  17 +++++++++++------
 1 files changed, 11 insertions(+), 6 deletions(-)

diffs (54 lines):

diff -r 81d32b0db60d -r b6b5d9b91c71 sys/dev/usb/ucom.c
--- a/sys/dev/usb/ucom.c        Wed May 01 02:15:07 2019 +0000
+++ b/sys/dev/usb/ucom.c        Wed May 01 06:01:01 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ucom.c,v 1.122 2019/04/20 05:53:18 mrg Exp $   */
+/*     $NetBSD: ucom.c,v 1.123 2019/05/01 06:01:01 mrg Exp $   */
 
 /*
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ucom.c,v 1.122 2019/04/20 05:53:18 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ucom.c,v 1.123 2019/05/01 06:01:01 mrg Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -413,10 +413,14 @@
 
        pmf_device_deregister(self);
 
-       if (sc->sc_bulkin_pipe != NULL)
+       if (sc->sc_bulkin_pipe != NULL) {
                usbd_abort_pipe(sc->sc_bulkin_pipe);
-       if (sc->sc_bulkout_pipe != NULL)
+               sc->sc_bulkin_pipe = NULL;
+       }
+       if (sc->sc_bulkout_pipe != NULL) {
                usbd_abort_pipe(sc->sc_bulkout_pipe);
+               sc->sc_bulkout_pipe = NULL;
+       }
 
        mutex_enter(&sc->sc_lock);
 
@@ -1263,7 +1267,9 @@
        if (sc == NULL)
                return 0;
 
-       mutex_enter(&sc->sc_lock);
+       KASSERT(&sc->sc_lock);
+       KASSERT(mutex_owned(&tty_lock));
+
        old = sc->sc_rx_stopped;
        sc->sc_rx_stopped = (u_char)block;
 
@@ -1273,7 +1279,6 @@
                softint_schedule(sc->sc_si);
                kpreempt_enable();
        }
-       mutex_exit(&sc->sc_lock);
 
        return 1;
 }



Home | Main Index | Thread Index | Old Index