From: Shuah Khan <skhan@linuxfoundation.org>
To: valentina.manea.m@gmail.com, shuah@kernel.org,
gregkh@linuxfoundation.org
Cc: Shuah Khan <skhan@linuxfoundation.org>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
syzbot+a93fba6d384346a761e3@syzkaller.appspotmail.com,
stable@vger.kernel.org
Subject: [PATCH 4/4] usbip: synchronize event handler with sysfs code paths
Date: Mon, 29 Mar 2021 19:36:51 -0600 [thread overview]
Message-ID: <c5c8723d3f29dfe3d759cfaafa7dd16b0dfe2918.1616807117.git.skhan@linuxfoundation.org> (raw)
In-Reply-To: <cover.1616807117.git.skhan@linuxfoundation.org>
Fuzzing uncovered race condition between sysfs code paths in usbip
drivers. Device connect/disconnect code paths initiated through
sysfs interface are prone to races if disconnect happens during
connect and vice versa.
Use sysfs_lock to synchronize event handler with sysfs paths
in usbip drivers.
Reported-and-tested-by: syzbot+a93fba6d384346a761e3@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
---
drivers/usb/usbip/usbip_event.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/usbip/usbip_event.c b/drivers/usb/usbip/usbip_event.c
index 5d88917c9631..086ca76dd053 100644
--- a/drivers/usb/usbip/usbip_event.c
+++ b/drivers/usb/usbip/usbip_event.c
@@ -70,6 +70,7 @@ static void event_handler(struct work_struct *work)
while ((ud = get_event()) != NULL) {
usbip_dbg_eh("pending event %lx\n", ud->event);
+ mutex_lock(&ud->sysfs_lock);
/*
* NOTE: shutdown must come first.
* Shutdown the device.
@@ -90,6 +91,7 @@ static void event_handler(struct work_struct *work)
ud->eh_ops.unusable(ud);
unset_event(ud, USBIP_EH_UNUSABLE);
}
+ mutex_unlock(&ud->sysfs_lock);
wake_up(&ud->eh_waitq);
}
--
2.27.0
next prev parent reply other threads:[~2021-03-30 1:37 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-30 1:36 [PATCH 0/4] usbip synchronize sysfs code paths Shuah Khan
2021-03-30 1:36 ` [PATCH 1/4] usbip: add sysfs_lock to " Shuah Khan
2021-03-30 1:36 ` [PATCH 2/4] usbip: stub-dev " Shuah Khan
2021-03-30 1:36 ` [PATCH 3/4] usbip: vudc " Shuah Khan
2021-03-30 1:36 ` Shuah Khan [this message]
2021-04-16 20:53 [PATCH 1/4] usbip: add sysfs_lock to " Tom Seewald
2021-04-16 20:53 ` [PATCH 4/4] usbip: synchronize event handler with " Tom Seewald
2021-04-16 21:45 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c5c8723d3f29dfe3d759cfaafa7dd16b0dfe2918.1616807117.git.skhan@linuxfoundation.org \
--to=skhan@linuxfoundation.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=shuah@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+a93fba6d384346a761e3@syzkaller.appspotmail.com \
--cc=valentina.manea.m@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.