HID: hiddev: fix race between hiddev_disconnect and hiddev_release
authorJiri Kosina <jkosina@suse.cz>
Fri, 20 May 2011 08:50:13 +0000 (10:50 +0200)
committerJiri Kosina <jkosina@suse.cz>
Fri, 20 May 2011 08:50:13 +0000 (10:50 +0200)
commit6cb4b040795c555c7ab4b1ba29b0dba2b5a42beb
treeddc3db5bb24691ecd5da6bbc4dec044d2a4a5e78
parent437f3b199c437e2a9ac01b9ab733c78e5fc7c720
HID: hiddev: fix race between hiddev_disconnect and hiddev_release

When hiddev_disconnect() runs with chardev open, it will proceed with
usbhid_close(). When userspace in parallel runs the hiddev_release(),
it sees !hiddev->exists (as it has been already set so by
hiddev_disconnect()) and kfrees hiddev while hiddev_disconnect() hasn't
finished yet.

Serialize the access to hiddev->exists and hiddev->open by existancelock.

Reported-by: mike-@cinci.rr.com
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
drivers/hid/usbhid/hiddev.c