From: Axel Lin Date: Thu, 18 Nov 2010 07:59:34 +0000 (-0800) Subject: Input: xpad - ensure xpad->bulk_out is initialized before submitting urb X-Git-Tag: v2.6.38-rc1~463^2^2~25 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e3f0f0a6c11b049f1be603dcfec82d2a8643f5fd;p=users%2Fhch%2Fmisc.git Input: xpad - ensure xpad->bulk_out is initialized before submitting urb As pointed out by Oliver Neukum: xpad->irq_in is currently submitted before xpad->bulk_out is allocated. That however is a race, because the callback for irq_in can call xpad360w_process_packet(), which will in turn submit the bulk URB. This patch moves initialization for xpad->bulk_out earlier, so we can ensure xpad->bulk_out is initialized before submitting urb. Signed-off-by: Axel Lin Signed-off-by: Dmitry Torokhov --- diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c index 4875de9a3f88..56abf3d0e911 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -921,19 +921,7 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id usb_set_intfdata(intf, xpad); - /* - * Submit the int URB immediately rather than waiting for open - * because we get status messages from the device whether - * or not any controllers are attached. In fact, it's - * exactly the message that a controller has arrived that - * we're waiting for. - */ if (xpad->xtype == XTYPE_XBOX360W) { - xpad->irq_in->dev = xpad->udev; - error = usb_submit_urb(xpad->irq_in, GFP_KERNEL); - if (error) - goto fail7; - /* * Setup the message to set the LEDs on the * controller when it shows up @@ -941,13 +929,13 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id xpad->bulk_out = usb_alloc_urb(0, GFP_KERNEL); if (!xpad->bulk_out) { error = -ENOMEM; - goto fail8; + goto fail7; } xpad->bdata = kzalloc(XPAD_PKT_LEN, GFP_KERNEL); if (!xpad->bdata) { error = -ENOMEM; - goto fail9; + goto fail8; } xpad->bdata[2] = 0x08; @@ -969,12 +957,24 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id usb_fill_bulk_urb(xpad->bulk_out, udev, usb_sndbulkpipe(udev, ep_irq_in->bEndpointAddress), xpad->bdata, XPAD_PKT_LEN, xpad_bulk_out, xpad); + + /* + * Submit the int URB immediately rather than waiting for open + * because we get status messages from the device whether + * or not any controllers are attached. In fact, it's + * exactly the message that a controller has arrived that + * we're waiting for. + */ + xpad->irq_in->dev = xpad->udev; + error = usb_submit_urb(xpad->irq_in, GFP_KERNEL); + if (error) + goto fail9; } return 0; - fail9: usb_free_urb(xpad->bulk_out); - fail8: usb_kill_urb(xpad->irq_in); + fail9: kfree(xpad->bdata); + fail8: usb_free_urb(xpad->bulk_out); fail7: input_unregister_device(input_dev); input_dev = NULL; fail6: xpad_led_disconnect(xpad);