All of lore.kernel.org
 help / color / mirror / Atom feed
From: Oliver Neukum <oneukum@suse.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: bjorn@mork.no, linux-usb@vger.kernel.org
Subject: Re: [RFC 0/5] fix races in CDC-WDM
Date: Thu, 10 Sep 2020 11:09:17 +0200	[thread overview]
Message-ID: <1599728957.10822.9.camel@suse.com> (raw)
In-Reply-To: <ee0af733-903f-8e8f-8027-b5490a37032f@i-love.sakura.ne.jp>

Am Mittwoch, den 12.08.2020, 23:29 +0900 schrieb Tetsuo Handa:
> On 2020/08/12 22:20, Oliver Neukum wrote:
> > CDC-WDM was not written with multithreaded users or
> > uncooperative devices in mind.
> > This leads to race conditions and hangs in flush(). 


Hi,

thank you for waiting. Family emergency.

> In patch "[RFC 2/5] CDC-WDM: introduce a timeout in flush()", since multiple users can
> share "desc", wouldn't someone's usb_submit_urb() from wdm_write() gets unexpectedly
> interfered by someone else's usb_kill_urb(desc->command) from wdm_open() ?

Yes. Fixed.

> In patch "[RFC 2/5] CDC-WDM: introduce a timeout in flush()", don't we need to similarly
> apply timeout to wait_event_interruptible() in wdm_write(), for the same problem will
> happen if hardware remained silent forever?

Technically a device may take forever. Interrupting a wait in write()
is not problematic.

> In patch "[RFC 3/5] CDC-WDM: making flush() interruptible", it is legal to return -EINTR
>  from close(). But I think that returning -EINTR from close() is not recommended because
> it can confuse multithreaded application (retrying close() upon -EINTR is not safe).

Well, but what is the alternative? Should we ignore signals?

> In patch "[RFC 5/5] CDC-WDM: remove use of intf->dev after potential disconnect",
> 
>         /* cannot dereference desc->intf if WDM_DISCONNECTING */
>         if (test_bit(WDM_DISCONNECTING, &desc->flags))
>                 return -ENODEV;
> 
> can be also removed, for this check is meant for not to dereference desc->intf
> after disconnect ?

It can be removed, but that would make error reporting worse.

> Guessing from symmetry, do we need to check WDM_DISCONNECTING or WDM_RESETTING
> in wait_event_interruptible_timeout() from wdm_flush() when wait_event_interruptible()
> in wdm_write() is not checking WDM_DISCONNECTING nor WDM_RESETTING ?

Added

> Does it make sense to wait for response of someone else's usb_submit_urb() when
> someone is calling close(), for there is no guarantee that failure notice received
> via wdm_flush() via some file descriptor corresponds to usb_submit_urb() request from
> wdm_write() call from that file descriptor?

Well, user space may do multithreading. Whether it makes sense is
another question. We just need to return results confirming to the
standards. You noticed bugs. I think the next version will fix them.

What else would we do?

	Regards
		Oliver



  reply	other threads:[~2020-09-10  9:09 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-12 13:20 [RFC 0/5] fix races in CDC-WDM Oliver Neukum
2020-08-12 13:20 ` [RFC 1/5] CDC-WDM: fix hangs in flush() Oliver Neukum
2020-08-12 13:20 ` [RFC 2/5] CDC-WDM: introduce a timeout " Oliver Neukum
2020-08-12 13:20 ` [RFC 3/5] CDC-WDM: making flush() interruptible Oliver Neukum
2020-08-12 13:20 ` [RFC 4/5] CDC-WDM: fix race reporting errors in flush Oliver Neukum
2020-08-12 13:20 ` [RFC 5/5] CDC-WDM: remove use of intf->dev after potential disconnect Oliver Neukum
2020-08-12 14:29 ` [RFC 0/5] fix races in CDC-WDM Tetsuo Handa
2020-09-10  9:09   ` Oliver Neukum [this message]
2020-09-10 10:01     ` Tetsuo Handa
2020-09-15  9:14       ` Oliver Neukum
2020-09-15 10:30         ` Tetsuo Handa
2020-09-16 10:18           ` Oliver Neukum
2020-09-16 11:14             ` Tetsuo Handa
2020-09-17  9:50               ` Oliver Neukum
2020-09-17 11:24                 ` Tetsuo Handa
2020-09-17 14:17                   ` Oliver Neukum
2020-09-17 16:17                     ` Tetsuo Handa
2020-09-21 10:52                       ` Oliver Neukum
2020-09-22  1:56                         ` Tetsuo Handa
2020-09-22  7:33                           ` Oliver Neukum
2020-09-22  8:34                             ` Tetsuo Handa
2020-09-22  9:45                               ` Oliver Neukum

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1599728957.10822.9.camel@suse.com \
    --to=oneukum@suse.com \
    --cc=bjorn@mork.no \
    --cc=linux-usb@vger.kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.