Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completingasync USB via usbdevio

From: Linus Torvalds
Date: Thu Oct 13 2005 - 18:18:02 EST

On Thu, 13 Oct 2005, Pete Zaitcev wrote:
> The whole application cannot exit and leave URBs running behind,
> because usbdevio_release() blocks until they are terminated.


You just do a fork(), and a close in the parent.

"release()" won't be called until the _last_ close, and the task that
opened the fd can certainly exit before that.

If you want to have something that is called on each close, you can
trigger on the "flush()" VFS call, but then you have to realize that that
can happen an infinite number of times, and while the original one is open
(ie on a fork, if the _child_ calls close(), then you'll get a flush, even
though the original fd is still open and still in use).

So you really don't want to terminate the URB's in "flush()". Which means
that the original process can very much be long gone when release happens.

It's a fundamental mistake to think that file descriptors stay with the
process that opened them.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at