[PATCH] g_file_storage: fix obscure race condition
This patch (as575) fixes an unlikely race in the g_file_storage driver.
The problem can occur only when the driver is unbound before its
initialization routine has finished.
I also took the opportunity to replace kmalloc/memset with kzalloc.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff --git a/drivers/usb/gadget/file_storage.c b/drivers/usb/gadget/file_storage.c
index 241c570..86a6aeb 100644
--- a/drivers/usb/gadget/file_storage.c
+++ b/drivers/usb/gadget/file_storage.c
@@ -3823,12 +3823,11 @@
/* Create the LUNs, open their backing files, and register the
* LUN devices in sysfs. */
- fsg->luns = kmalloc(i * sizeof(struct lun), GFP_KERNEL);
+ fsg->luns = kzalloc(i * sizeof(struct lun), GFP_KERNEL);
if (!fsg->luns) {
rc = -ENOMEM;
goto out;
}
- memset(fsg->luns, 0, i * sizeof(struct lun));
fsg->nluns = i;
for (i = 0; i < fsg->nluns; ++i) {
@@ -3989,6 +3988,11 @@
mod_data.removable, mod_data.can_stall,
mod_data.buflen);
DBG(fsg, "I/O thread pid: %d\n", fsg->thread_task->pid);
+
+ set_bit(REGISTERED, &fsg->atomic_bitflags);
+
+ /* Tell the thread to start working */
+ wake_up_process(fsg->thread_task);
return 0;
autoconf_fail:
@@ -4051,10 +4055,9 @@
{
struct fsg_dev *fsg;
- fsg = kmalloc(sizeof *fsg, GFP_KERNEL);
+ fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
if (!fsg)
return -ENOMEM;
- memset(fsg, 0, sizeof *fsg);
spin_lock_init(&fsg->lock);
init_rwsem(&fsg->filesem);
init_waitqueue_head(&fsg->thread_wqh);
@@ -4080,15 +4083,9 @@
if ((rc = fsg_alloc()) != 0)
return rc;
fsg = the_fsg;
- if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0) {
+ if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0)
fsg_free(fsg);
- return rc;
- }
- set_bit(REGISTERED, &fsg->atomic_bitflags);
-
- /* Tell the thread to start working */
- wake_up_process(fsg->thread_task);
- return 0;
+ return rc;
}
module_init(fsg_init);