linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v4] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
       [not found] <CGME20170328121013epcas5p493f1509064350349fbcdb655793d8d4e@epcas5p4.samsung.com>
@ 2017-03-28 12:09 ` Ajay Kaher
  2017-03-29  9:56   ` Greg KH
  0 siblings, 1 reply; 4+ messages in thread
From: Ajay Kaher @ 2017-03-28 12:09 UTC (permalink / raw)
  To: gregkh; +Cc: stern, linux-usb, linux-kernel, aman.deep, hemanshu.s, ajay.kaher

Greg, sending patch again using git send-email, please apply.
Let me know if still any issue.

There is race condition when two USB class drivers try to call
init_usb_class at the same time and leads to crash.
code path: probe->usb_register_dev->init_usb_class

To solve this, mutex locking has been added in init_usb_class() and
destroy_usb_class().

As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.

Signed-off-by: Ajay Kaher <ajay.kaher@samsung.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
---
 drivers/usb/core/file.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/core/file.c b/drivers/usb/core/file.c
index 822ced9..422ce7b 100644
--- a/drivers/usb/core/file.c
+++ b/drivers/usb/core/file.c
@@ -27,6 +27,7 @@
 #define MAX_USB_MINORS	256
 static const struct file_operations *usb_minors[MAX_USB_MINORS];
 static DECLARE_RWSEM(minor_rwsem);
+static DEFINE_MUTEX(init_usb_class_mutex);
 
 static int usb_open(struct inode *inode, struct file *file)
 {
@@ -109,8 +110,9 @@ static void release_usb_class(struct kref *kref)
 
 static void destroy_usb_class(void)
 {
-	if (usb_class)
-		kref_put(&usb_class->kref, release_usb_class);
+	mutex_lock(&init_usb_class_mutex);
+	kref_put(&usb_class->kref, release_usb_class);
+	mutex_unlock(&init_usb_class_mutex);
 }
 
 int usb_major_init(void)
@@ -171,7 +173,10 @@ int usb_register_dev(struct usb_interface *intf,
 	if (intf->minor >= 0)
 		return -EADDRINUSE;
 
+	mutex_lock(&init_usb_class_mutex);
 	retval = init_usb_class();
+	mutex_unlock(&init_usb_class_mutex);
+
 	if (retval)
 		return retval;
 
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v4] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
  2017-03-28 12:09 ` [PATCH v4] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously Ajay Kaher
@ 2017-03-29  9:56   ` Greg KH
  0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2017-03-29  9:56 UTC (permalink / raw)
  To: Ajay Kaher; +Cc: stern, linux-usb, linux-kernel, aman.deep, hemanshu.s

On Tue, Mar 28, 2017 at 08:09:32AM -0400, Ajay Kaher wrote:
> Greg, sending patch again using git send-email, please apply.
> Let me know if still any issue.

Note, please put comments like this below the --- line so I don't have
to manually edit the file by hand.

I've now queued this up, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v4] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
  2017-03-17 10:56       ` [PATCH v4] USB: " Ajay Kaher
@ 2017-03-23  7:18         ` gregkh
  0 siblings, 0 replies; 4+ messages in thread
From: gregkh @ 2017-03-23  7:18 UTC (permalink / raw)
  To: Ajay Kaher
  Cc: Alan Stern, linux-usb, linux-kernel, AMAN DEEP, HEMANSHU SRIVASTAVA

On Fri, Mar 17, 2017 at 10:56:37AM +0000, Ajay Kaher wrote:
> There is race condition when two USB class drivers try to call
> init_usb_class at the same time and leads to crash.
> code path: probe->usb_register_dev->init_usb_class
> 
> To solve this, mutex locking has been added in init_usb_class() and 
> destroy_usb_class().
> 
> As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
> because usb_class can never be NULL there.
> 
> Signed-off-by: Ajay Kaher <ajay.kaher@samsung.com>
> Acked-by: Alan Stern <stern@rowland.harvard.edu>
> ---
>  drivers/usb/core/file.c |    9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/core/file.c b/drivers/usb/core/file.c
> index 822ced9..422ce7b 100644
> --- a/drivers/usb/core/file.c
> +++ b/drivers/usb/core/file.c
> @@ -27,6 +27,7 @@
>  #define MAX_USB_MINORS	256
>  static const struct file_operations *usb_minors[MAX_USB_MINORS];
>  static DECLARE_RWSEM(minor_rwsem);
> +static DEFINE_MUTEX(init_usb_class_mutex);
>  
>  static int usb_open(struct inode *inode, struct file *file)
>  {
> @@ -109,8 +110,9 @@ static void release_usb_class(struct kref *kref)
>  
>  static void destroy_usb_class(void)
>  {
> -	if (usb_class)
> -		kref_put(&usb_class->kref, release_usb_class);
> +	mutex_lock(&init_usb_class_mutex);
> +	kref_put(&usb_class->kref, release_usb_class);
> +	mutex_unlock(&init_usb_class_mutex);
>  }
>  
>  int usb_major_init(void)
> @@ -171,7 +173,10 @@ int usb_register_dev(struct usb_interface *intf,
>  	if (intf->minor >= 0)
>  		return -EADDRINUSE;
>  
> +	mutex_lock(&init_usb_class_mutex);
>  	retval = init_usb_class();
> +	mutex_unlock(&init_usb_class_mutex);
> +
>  	if (retval)
>  		return retval;
>  

I get the following errors when trying to apply this patch:

Applying: USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
.git/rebase-apply/patch:13: trailing whitespace.
static DEFINE_MUTEX(init_usb_class_mutex);
.git/rebase-apply/patch:23: trailing whitespace.
        mutex_lock(&init_usb_class_mutex);
.git/rebase-apply/patch:24: trailing whitespace.
        kref_put(&usb_class->kref, release_usb_class);
.git/rebase-apply/patch:25: trailing whitespace.
        mutex_unlock(&init_usb_class_mutex);
.git/rebase-apply/patch:33: trailing whitespace.
        mutex_lock(&init_usb_class_mutex);
error: patch failed: drivers/usb/core/file.c:27
error: drivers/usb/core/file.c: patch does not apply
Patch failed at 0001 USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously


Are you sure you made this in the correct format?  Seems that the patch
has dos line-ends :(

Please fix up and resend.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v4] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
       [not found]     ` <CGME20170307150103epcas2p348320fdfbb176978d084d8f2b7b9a049@epcms5p2>
@ 2017-03-17 10:56       ` Ajay Kaher
  2017-03-23  7:18         ` gregkh
  0 siblings, 1 reply; 4+ messages in thread
From: Ajay Kaher @ 2017-03-17 10:56 UTC (permalink / raw)
  To: gregkh
  Cc: Alan Stern, linux-usb, linux-kernel, AMAN DEEP, HEMANSHU SRIVASTAVA

[-- Attachment #1: Type: text/plain, Size: 1643 bytes --]

There is race condition when two USB class drivers try to call
init_usb_class at the same time and leads to crash.
code path: probe->usb_register_dev->init_usb_class

To solve this, mutex locking has been added in init_usb_class() and 
destroy_usb_class().

As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.

Signed-off-by: Ajay Kaher <ajay.kaher@samsung.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
---
 drivers/usb/core/file.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/core/file.c b/drivers/usb/core/file.c
index 822ced9..422ce7b 100644
--- a/drivers/usb/core/file.c
+++ b/drivers/usb/core/file.c
@@ -27,6 +27,7 @@
 #define MAX_USB_MINORS	256
 static const struct file_operations *usb_minors[MAX_USB_MINORS];
 static DECLARE_RWSEM(minor_rwsem);
+static DEFINE_MUTEX(init_usb_class_mutex);
 
 static int usb_open(struct inode *inode, struct file *file)
 {
@@ -109,8 +110,9 @@ static void release_usb_class(struct kref *kref)
 
 static void destroy_usb_class(void)
 {
-	if (usb_class)
-		kref_put(&usb_class->kref, release_usb_class);
+	mutex_lock(&init_usb_class_mutex);
+	kref_put(&usb_class->kref, release_usb_class);
+	mutex_unlock(&init_usb_class_mutex);
 }
 
 int usb_major_init(void)
@@ -171,7 +173,10 @@ int usb_register_dev(struct usb_interface *intf,
 	if (intf->minor >= 0)
 		return -EADDRINUSE;
 
+	mutex_lock(&init_usb_class_mutex);
 	retval = init_usb_class();
+	mutex_unlock(&init_usb_class_mutex);
+
 	if (retval)
 		return retval;
 
-- 
1.7.9.5

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-03-29  9:56 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CGME20170328121013epcas5p493f1509064350349fbcdb655793d8d4e@epcas5p4.samsung.com>
2017-03-28 12:09 ` [PATCH v4] USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously Ajay Kaher
2017-03-29  9:56   ` Greg KH
2017-03-09 12:10 Subject: [PATCH v4] USB:Core: BugFix: " gregkh
2017-03-07 15:00 ` Alan Stern
2017-03-09 11:34   ` Ajay Kaher
     [not found]     ` <CGME20170307150103epcas2p348320fdfbb176978d084d8f2b7b9a049@epcms5p2>
2017-03-17 10:56       ` [PATCH v4] USB: " Ajay Kaher
2017-03-23  7:18         ` gregkh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).