Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dev/usb Sometimes the device disappears out from under u...
details: https://anonhg.NetBSD.org/src/rev/073acec2d456
branches: trunk
changeset: 783332:073acec2d456
user: jakllsch <jakllsch%NetBSD.org@localhost>
date: Sat Dec 15 04:09:24 2012 +0000
description:
Sometimes the device disappears out from under us and device_lookup_private()
will return NULL. Be paranoid about this to prevent NULL pointer dereferences.
diffstat:
sys/dev/usb/ucom.c | 40 ++++++++++++++++++++++++++--------------
1 files changed, 26 insertions(+), 14 deletions(-)
diffs (129 lines):
diff -r 8690bb43236f -r 073acec2d456 sys/dev/usb/ucom.c
--- a/sys/dev/usb/ucom.c Sat Dec 15 02:38:46 2012 +0000
+++ b/sys/dev/usb/ucom.c Sat Dec 15 04:09:24 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ucom.c,v 1.100 2012/10/17 17:05:15 mlelstv Exp $ */
+/* $NetBSD: ucom.c,v 1.101 2012/12/15 04:09:24 jakllsch Exp $ */
/*
* Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ucom.c,v 1.100 2012/10/17 17:05:15 mlelstv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ucom.c,v 1.101 2012/12/15 04:09:24 jakllsch Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -580,10 +580,16 @@
ucomclose(dev_t dev, int flag, int mode, struct lwp *l)
{
struct ucom_softc *sc = device_lookup_private(&ucom_cd, UCOMUNIT(dev));
- struct tty *tp = sc->sc_tty;
+ struct tty *tp;
int s;
DPRINTF(("ucomclose: unit=%d\n", UCOMUNIT(dev)));
+
+ if (sc == NULL)
+ return 0;
+
+ tp = sc->sc_tty;
+
if (!ISSET(tp->t_state, TS_ISOPEN))
return (0);
@@ -616,12 +622,14 @@
ucomread(dev_t dev, struct uio *uio, int flag)
{
struct ucom_softc *sc = device_lookup_private(&ucom_cd, UCOMUNIT(dev));
- struct tty *tp = sc->sc_tty;
+ struct tty *tp;
int error;
- if (sc->sc_dying)
+ if (sc == NULL || sc->sc_dying)
return (EIO);
+ tp = sc->sc_tty;
+
sc->sc_refcnt++;
error = ((*tp->t_linesw->l_read)(tp, uio, flag));
if (--sc->sc_refcnt < 0)
@@ -633,12 +641,14 @@
ucomwrite(dev_t dev, struct uio *uio, int flag)
{
struct ucom_softc *sc = device_lookup_private(&ucom_cd, UCOMUNIT(dev));
- struct tty *tp = sc->sc_tty;
+ struct tty *tp;
int error;
- if (sc->sc_dying)
+ if (sc == NULL || sc->sc_dying)
return (EIO);
+ tp = sc->sc_tty;
+
sc->sc_refcnt++;
error = ((*tp->t_linesw->l_write)(tp, uio, flag));
if (--sc->sc_refcnt < 0)
@@ -670,9 +680,8 @@
ucomtty(dev_t dev)
{
struct ucom_softc *sc = device_lookup_private(&ucom_cd, UCOMUNIT(dev));
- struct tty *tp = sc->sc_tty;
- return (tp);
+ return ((sc != NULL) ? sc->sc_tty : NULL);
}
int
@@ -681,6 +690,9 @@
struct ucom_softc *sc = device_lookup_private(&ucom_cd, UCOMUNIT(dev));
int error;
+ if (sc == NULL || sc->sc_dying)
+ return (EIO);
+
sc->sc_refcnt++;
error = ucom_do_ioctl(sc, cmd, data, flag, l);
if (--sc->sc_refcnt < 0)
@@ -696,9 +708,6 @@
int error;
int s;
- if (sc->sc_dying)
- return (EIO);
-
DPRINTF(("ucomioctl: cmd=0x%08lx\n", cmd));
error = (*tp->t_linesw->l_ioctl)(tp, cmd, data, flag, l);
@@ -890,7 +899,7 @@
UCOMUNIT(tp->t_dev));
int error;
- if (sc->sc_dying)
+ if (sc == NULL || sc->sc_dying)
return (EIO);
/* Check requested parameters. */
@@ -959,6 +968,9 @@
UCOMUNIT(tp->t_dev));
int old;
+ if (sc == NULL)
+ return (0);
+
old = sc->sc_rx_stopped;
sc->sc_rx_stopped = (u_char)block;
@@ -982,7 +994,7 @@
u_char *data;
int cnt;
- if (sc->sc_dying)
+ if (sc == NULL || sc->sc_dying)
return;
s = spltty();
Home |
Main Index |
Thread Index |
Old Index