Linux-USB Archive on lore.kernel.org
* Duplicated code in hiddev_open()
From: Alan Stern @ 2019-08-16 17:10 UTC
  To: Jiri Kosina, Oliver Neukum; +Cc: USB list

Oliver and Jiri:

Why is there duplicated code in
drivers/hid/usbhid/hiddev.c:hiddev_open()?

Line 267:
	/*
	 * no need for locking because the USB major number
	 * is shared which usbcore guards against disconnect
	 */
	if (list->hiddev->exist) {
		if (!list->hiddev->open++) {
			res = hid_hw_open(hiddev->hid);
			if (res < 0)
				goto bail;
		}
	} else {
		res = -ENODEV;
		goto bail;
	}

Line 286:
	mutex_lock(&hiddev->existancelock);
	if (!list->hiddev->open++)
		if (list->hiddev->exist) {
			struct hid_device *hid = hiddev->hid;
			res = hid_hw_power(hid, PM_HINT_FULLON);
			if (res < 0)
				goto bail_unlock;
			res = hid_hw_open(hid);
			if (res < 0)
				goto bail_normal_power;
		}
	mutex_unlock(&hiddev->existancelock);

The second part can never execute, because the first part ensures that 
list->hiddev->open > 0 by the time the second part runs.

Even more disturbing, why is one of these code sections protected by a 
mutex and the other not?

Note: The second section was added in commit 0361a28d3f9a ("HID: 
autosuspend support for USB HID") over ten years ago!

Alan Stern



* Re: Duplicated code in hiddev_open()
From: Oliver Neukum @ 2019-08-19 10:41 UTC
  To: Alan Stern, Jiri Kosina; +Cc: USB list

On Friday, 16.08.2019, at 13:10 -0400, Alan Stern wrote:
> Oliver and Jiri:
> 
> Why is there duplicated code in
> drivers/hid/usbhid/hiddev.c:hiddev_open()?
> 
> Line 267:
> 	/*
> 	 * no need for locking because the USB major number
> 	 * is shared which usbcore guards against disconnect
> 	 */
> 	if (list->hiddev->exist) {
> 		if (!list->hiddev->open++) {
> 			res = hid_hw_open(hiddev->hid);
> 			if (res < 0)
> 				goto bail;
> 		}
> 	} else {
> 		res = -ENODEV;
> 		goto bail;
> 	}
> 
> Line 286:
> 	mutex_lock(&hiddev->existancelock);
> 	if (!list->hiddev->open++)
> 		if (list->hiddev->exist) {
> 			struct hid_device *hid = hiddev->hid;
> 			res = hid_hw_power(hid, PM_HINT_FULLON);
> 			if (res < 0)
> 				goto bail_unlock;
> 			res = hid_hw_open(hid);
> 			if (res < 0)
> 				goto bail_normal_power;
> 		}
> 	mutex_unlock(&hiddev->existancelock);
> 
> The second part can never execute, because the first part ensures that 
> list->hiddev->open > 0 by the time the second part runs.
> 
> Even more disturbing, why is one of these code sections protected by a 
> mutex and the other not?

I suppose the comment I made back then:

079034073faf9 drivers/hid/usbhid/hiddev.c (Oliver Neukum               2008-12-16 10:55:15 +0100 268)    * no need for locking because the USB major number
079034073faf9 drivers/hid/usbhid/hiddev.c (Oliver Neukum               2008-12-16 10:55:15 +0100 269)    * is shared which usbcore guards against disconnect

has ceased to be true, but the section was not removed, as the check
for existence was duplicated.

> Note: The second section was added in commit 0361a28d3f9a ("HID: 
> autosuspend support for USB HID") over ten years ago!

Yes and I remember how frustrating keyboards were in testing, but
no further details.

	Regards
		Oliver



* Re: Duplicated code in hiddev_open()
From: Alan Stern @ 2019-08-19 14:17 UTC
  To: Oliver Neukum; +Cc: Jiri Kosina, USB list

On Mon, 19 Aug 2019, Oliver Neukum wrote:

> On Friday, 16.08.2019, at 13:10 -0400, Alan Stern wrote:
> > Oliver and Jiri:
> > 
> > Why is there duplicated code in
> > drivers/hid/usbhid/hiddev.c:hiddev_open()?
> > 
> > Line 267:
> > 	/*
> > 	 * no need for locking because the USB major number
> > 	 * is shared which usbcore guards against disconnect
> > 	 */
> > 	if (list->hiddev->exist) {
> > 		if (!list->hiddev->open++) {
> > 			res = hid_hw_open(hiddev->hid);
> > 			if (res < 0)
> > 				goto bail;
> > 		}
> > 	} else {
> > 		res = -ENODEV;
> > 		goto bail;
> > 	}
> > 
> > Line 286:
> > 	mutex_lock(&hiddev->existancelock);
> > 	if (!list->hiddev->open++)
> > 		if (list->hiddev->exist) {
> > 			struct hid_device *hid = hiddev->hid;
> > 			res = hid_hw_power(hid, PM_HINT_FULLON);
> > 			if (res < 0)
> > 				goto bail_unlock;
> > 			res = hid_hw_open(hid);
> > 			if (res < 0)
> > 				goto bail_normal_power;
> > 		}
> > 	mutex_unlock(&hiddev->existancelock);
> > 
> > The second part can never execute, because the first part ensures that 
> > list->hiddev->open > 0 by the time the second part runs.
> > 
> > Even more disturbing, why is one of these code sections protected by a 
> > mutex and the other not?
> 
> I suppose the comment I made back then:
> 
> 079034073faf9 drivers/hid/usbhid/hiddev.c (Oliver Neukum               2008-12-16 10:55:15 +0100 268)    * no need for locking because the USB major number
> 079034073faf9 drivers/hid/usbhid/hiddev.c (Oliver Neukum               2008-12-16 10:55:15 +0100 269)    * is shared which usbcore guards against disconnect
> 
> has ceased to be true, but the section was not removed, as the check
> for existence was duplicated.
> 
> > Note: The second section was added in commit 0361a28d3f9a ("HID: 
> > autosuspend support for USB HID") over ten years ago!
> 
> Yes and I remember how frustrating keyboards were in testing, but
> no further details.

Indeed.  But more importantly for now, how should this be fixed?  This
may be the culprit in some of the syzbot bug reports (those involving 
hiddev).

Alan Stern



* Re: Duplicated code in hiddev_open()
From: Oliver Neukum @ 2019-08-20 14:34 UTC
  To: Alan Stern; +Cc: Jiri Kosina, USB list

On Monday, 19.08.2019, at 10:17 -0400, Alan Stern wrote:
> On Mon, 19 Aug 2019, Oliver Neukum wrote:
> 
> > On Friday, 16.08.2019, at 13:10 -0400, Alan Stern wrote:
> > > Oliver and Jiri:
> > > 
> > > Why is there duplicated code in
> > > drivers/hid/usbhid/hiddev.c:hiddev_open()?
> > > 
> > > Line 267:
> > > 	/*
> > > 	 * no need for locking because the USB major number
> > > 	 * is shared which usbcore guards against disconnect
> > > 	 */
> > > 	if (list->hiddev->exist) {
> > > 		if (!list->hiddev->open++) {
> > > 			res = hid_hw_open(hiddev->hid);
> > > 			if (res < 0)
> > > 				goto bail;
> > > 		}
> > > 	} else {
> > > 		res = -ENODEV;
> > > 		goto bail;
> > > 	}
> > > 
> > > Line 286:
> > > 	mutex_lock(&hiddev->existancelock);
> > > 	if (!list->hiddev->open++)
> > > 		if (list->hiddev->exist) {
> > > 			struct hid_device *hid = hiddev->hid;
> > > 			res = hid_hw_power(hid, PM_HINT_FULLON);
> > > 			if (res < 0)
> > > 				goto bail_unlock;
> > > 			res = hid_hw_open(hid);
> > > 			if (res < 0)
> > > 				goto bail_normal_power;
> > > 		}
> > > 	mutex_unlock(&hiddev->existancelock);
> > > 
> > > The second part can never execute, because the first part ensures that 
> > > list->hiddev->open > 0 by the time the second part runs.
> > > 
> > > Even more disturbing, why is one of these code sections protected by a 
> > > mutex and the other not?
> > 
> > I suppose the comment I made back then:
> > 
> > 079034073faf9 drivers/hid/usbhid/hiddev.c (Oliver Neukum               2008-12-16 10:55:15 +0100 268)    * no need for locking because the USB major number
> > 079034073faf9 drivers/hid/usbhid/hiddev.c (Oliver Neukum               2008-12-16 10:55:15 +0100 269)    * is shared which usbcore guards against disconnect
> > 
> > has ceased to be true, but the section was not removed, as the check
> > for existence was duplicated.
> > 
> > > Note: The second section was added in commit 0361a28d3f9a ("HID: 
> > > autosuspend support for USB HID") over ten years ago!
> > 
> > Yes and I remember how frustrating keyboards were in testing, but
> > no further details.
> 
> Indeed.  But more importantly for now, how should this be fixed?  This
> may be the culprit in some of the syzbot bug reports (those involving 
> hiddev).


I doubt it. This looks like it would cause a resource leak, not the
other way round. But I'd say all operations need to be done under lock.

	Regards
		Oliver
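
Added example (not part of the thread and not kernel code): a userspace C model of the two quoted sections, showing that one call raises the open count by two and never reaches the hid_hw_power() branch, next to a hypothetical variant that does the existence check and the counting under the mutex, as suggested above. The struct, the stub_* helpers and open_all_locked() are assumptions; the stubs always succeed, so the bail paths are not modelled.

```c
#include <errno.h>
#include <pthread.h>

/* Userspace model: struct and stub_* helpers are stand-ins, not kernel code. */
struct hiddev_model {
	pthread_mutex_t existancelock;
	int exist, open, hw_opens, power_calls; /* flag, open count, stub call counts */
};
static int stub_hw_open(struct hiddev_model *d)  { d->hw_opens++; return 0; }
static int stub_hw_power(struct hiddev_model *d) { d->power_calls++; return 0; }

/* Control flow of the two sections quoted in the thread. */
int open_as_quoted(struct hiddev_model *d)
{
	int res = 0;
	if (!d->exist)                          /* section at line 267, no lock */
		return -ENODEV;
	if (!d->open++)
		res = stub_hw_open(d);
	if (res < 0)
		return res;
	pthread_mutex_lock(&d->existancelock);  /* section at line 286 */
	if (!d->open++)                         /* open >= 1 here: never true */
		if (d->exist) {
			res = stub_hw_power(d);
			if (res >= 0)
				res = stub_hw_open(d);
		}
	pthread_mutex_unlock(&d->existancelock);
	return res;
}

/* Hypothetical consolidation: existence check and count both under the lock. */
int open_all_locked(struct hiddev_model *d)
{
	int res = 0;
	pthread_mutex_lock(&d->existancelock);
	if (!d->exist) {
		res = -ENODEV;
	} else if (d->open == 0) {
		res = stub_hw_power(d);
		if (res >= 0)
			res = stub_hw_open(d);
	}
	if (res >= 0)
		d->open++;
	pthread_mutex_unlock(&d->existancelock);
	return res;
}
```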

