[thirdparty/kernel/stable-queue.git] / releases / 3.0.1 / staging-usbip-vhci-hcd-do-not-kill-already-dead-rx-tx-kthread.patch

From 8547d4cc2b616e4f1dafebe2c673fc986422b506 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Fri, 24 Jun 2011 15:48:47 +0200
Subject: Staging: usbip: vhci-hcd: Do not kill already dead RX/TX kthread

From: Tobias Klauser <tklauser@distanz.ch>

commit 8547d4cc2b616e4f1dafebe2c673fc986422b506 upstream.

When unbinding a device on the host which was still attached on the
client, I got a NULL pointer dereference on the client. This turned out
to be due to kthread_stop() being called on an already dead kthread.

Here is how I was able to reproduce the problem:

 server:# usbip bind -b 1-2
                                client:# usbip attach -h server -b 1-2
 server:# usbip unbind -b 1-2

This patch fixes the problem by checking the kthread before attempting
to kill it, as it is done on the opposite side in
stub_shutdown_connection().

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/staging/usbip/vhci_hcd.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/staging/usbip/vhci_hcd.c
+++ b/drivers/staging/usbip/vhci_hcd.c
@@ -846,9 +846,9 @@ static void vhci_shutdown_connection(str
 	}
 
 	/* kill threads related to this sdev, if v.c. exists */
-	if (vdev->ud.tcp_rx)
+	if (vdev->ud.tcp_rx && !task_is_dead(vdev->ud.tcp_rx))
 		kthread_stop(vdev->ud.tcp_rx);
-	if (vdev->ud.tcp_tx)
+	if (vdev->ud.tcp_tx && !task_is_dead(vdev->ud.tcp_tx))
 		kthread_stop(vdev->ud.tcp_tx);
 
 	pr_info("stop threads\n");
Commit	Line	Data
e2cab6c9 GKH	1	From 8547d4cc2b616e4f1dafebe2c673fc986422b506 Mon Sep 17 00:00:00 2001
	2	From: Tobias Klauser <tklauser@distanz.ch>
	3	Date: Fri, 24 Jun 2011 15:48:47 +0200
	4	Subject: Staging: usbip: vhci-hcd: Do not kill already dead RX/TX kthread
	5
	6	From: Tobias Klauser <tklauser@distanz.ch>
	7
	8	commit 8547d4cc2b616e4f1dafebe2c673fc986422b506 upstream.
	9
	10	When unbinding a device on the host which was still attached on the
	11	client, I got a NULL pointer dereference on the client. This turned out
	12	to be due to kthread_stop() being called on an already dead kthread.
	13
	14	Here is how I was able to reproduce the problem:
	15
	16	server:# usbip bind -b 1-2
	17	client:# usbip attach -h server -b 1-2
	18	server:# usbip unbind -b 1-2
	19
	20	This patch fixes the problem by checking the kthread before attempting
	21	to kill it, as it is done on the opposite side in
	22	stub_shutdown_connection().
	23
	24	Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
	25	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	26
	27	---
	28	drivers/staging/usbip/vhci_hcd.c \| 4 ++--
	29	1 file changed, 2 insertions(+), 2 deletions(-)
	30
	31	--- a/drivers/staging/usbip/vhci_hcd.c
	32	+++ b/drivers/staging/usbip/vhci_hcd.c
	33	@@ -846,9 +846,9 @@ static void vhci_shutdown_connection(str
	34	}
	35
	36	/* kill threads related to this sdev, if v.c. exists */
	37	- if (vdev->ud.tcp_rx)
	38	+ if (vdev->ud.tcp_rx && !task_is_dead(vdev->ud.tcp_rx))
	39	kthread_stop(vdev->ud.tcp_rx);
	40	- if (vdev->ud.tcp_tx)
	41	+ if (vdev->ud.tcp_tx && !task_is_dead(vdev->ud.tcp_tx))
	42	kthread_stop(vdev->ud.tcp_tx);
	43
	44	pr_info("stop threads\n");