ChangeSet 1.1630, 2004/05/13 14:14:34-07:00, stern@rowland.harvard.edu

[PATCH] USB: Don't delete interfaces until all are unbound

On Thu, 13 May 2004, Duncan Sands wrote:

> No, but the pointer for another (previous) interface may just have been
> set to NULL, causing an Oops when usb_ifnum_to_if loops over all
> interfaces.

Of course!  I trust you won't mind me changing your suggested fix
slightly.  This should do an equally good job of repairing things, and it
will prevent other possible invalid references as well.


 drivers/usb/core/message.c |    9 ++++++++-
 drivers/usb/core/usb.c     |    6 ++++++
 2 files changed, 14 insertions(+), 1 deletion(-)


diff -Nru a/drivers/usb/core/message.c b/drivers/usb/core/message.c
--- a/drivers/usb/core/message.c	Fri May 14 15:28:03 2004
+++ b/drivers/usb/core/message.c	Fri May 14 15:28:03 2004
@@ -830,7 +830,14 @@
 			interface = dev->actconfig->interface[i];
 			dev_dbg (&dev->dev, "unregistering interface %s\n",
 				interface->dev.bus_id);
-			device_unregister (&interface->dev);
+			device_del (&interface->dev);
+		}
+
+		/* Now that the interfaces are unbound, nobody should
+		 * try to access them.
+		 */
+		for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
+			put_device (&dev->actconfig->interface[i]->dev);
 			dev->actconfig->interface[i] = NULL;
 		}
 		dev->actconfig = 0;
diff -Nru a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
--- a/drivers/usb/core/usb.c	Fri May 14 15:28:03 2004
+++ b/drivers/usb/core/usb.c	Fri May 14 15:28:03 2004
@@ -198,6 +198,9 @@
  * This routine helps device drivers avoid such mistakes.
  * However, you should make sure that you do the right thing with any
  * alternate settings available for this interfaces.
+ *
+ * Don't call this function unless you are bound to one of the interfaces
+ * on this device or you own the dev->serialize semaphore!
  */
 struct usb_interface *usb_ifnum_to_if(struct usb_device *dev, unsigned ifnum)
 {
@@ -228,6 +231,9 @@
  * it would be incorrect to assume that the first altsetting entry in
  * the array corresponds to altsetting zero.  This routine helps device
  * drivers avoid such mistakes.
+ *
+ * Don't call this function unless you are bound to the intf interface
+ * or you own the device's ->serialize semaphore!
  */
 struct usb_host_interface *usb_altnum_to_altsetting(struct usb_interface *intf,
 		unsigned int altnum)