Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752061AbdC1MKs (ORCPT <rfc822;w@1wt.eu>);
        Tue, 28 Mar 2017 08:10:48 -0400
Received: from mailout4.samsung.com ([203.254.224.34]:47766 "EHLO
        mailout4.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751306AbdC1MKp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 28 Mar 2017 08:10:45 -0400
X-AuditID: b6c32a2c-f79be6d0000051f7-e9-58da52a57430
From: Ajay Kaher <ajay.kaher@samsung.com>
To: gregkh@linuxfoundation.org
Cc: stern@rowland.harvard.edu, linux-usb@vger.kernel.org,
        linux-kernel@vger.kernel.org, aman.deep@samsung.com,
        hemanshu.s@samsung.com, ajay.kaher@samsung.com
Subject: [PATCH v4] USB: Proper handling of Race Condition when two USB class
 drivers try to call init_usb_class simultaneously
Date: Tue, 28 Mar 2017 08:09:32 -0400
Message-id: <1490702972-22560-1-git-send-email-ajay.kaher@samsung.com>
X-Mailer: git-send-email 2.7.4
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrNKsWRmVeSWpSXmKPExsWy7bCmpu7SoFsRBrNmWlkseH6X2WL/+y0s
        Fs2L17NZvDr/htni8q45bBaLlrUyW0z4fYHNgd1j/9w17B6z7/5g9OjbsorR4/MmuQCWqFSb
        jNTElNQihdS85PyUzLx0WyXv4HjneFMzA0NdQ0sLcyWFvMTcVFslF58AXbfMHKALlBTKEnNK
        gUIBicXFSvp2NkX5pSWpChn5xSW2StGGhkZ6hgbmekZGRnomprFWRqZAJQmpGTPer2ErOMlb
        8eLZH/YGxo3cXYycHBICJhKn9v1mgbDFJC7cW8/WxcjFISSwlFHi46NlzBDOJ0aJTVO3MsE5
        bzu2sHYxcoC1t8+phojvZJR4+X4aVEc3k8T5mRuZQOayCWhK7OzeCrZDREBO4sntP2BFzAIL
        GSVO3uphBXGEBRoZJbpOrGQDqWIRUJWYcuofWDevgJvEl7+rWCEulJO4ea4TrFtCoJFN4tnl
        x1Cnu0gcP3iNGcIWlnh1fAs7hC0l8fndXjYIu17i9vmNUM09jBI/Dl6CSthLtEw5wALyEDPQ
        ret36UOEbSV2Xb7KAvEnn8SNt4IgYWYgs/f3EyaIEhWJFQfns0OU8Ep0tAlBhD0kFtyaAzXc
        UeLxgbNg5UICsRKT+xoYJzDKz0LYtYCRcRWjWGpBcW56arFpgaFecWJucWleul5yfu4mRnBC
        09LZwXhvgfchRgEORiUe3orQmxFCrIllxZW5hxglOJiVRHgl/W5FCPGmJFZWpRblxxeV5qQW
        H2I0BQbkRGYp0eR8YLLNK4k3NLE0MDE1MzUxN7QwVRLn1Vh5LUJIID2xJDU7NbUgtQimj4mD
        U6qBMab0mKLPlpaQf3Nvyb2al9N01jLrjI26TXPpH5NXD2bO/rP2vSrL0w8PHzboBR6v/BGz
        QfeqtPGm8i/+HM9UF15iyzK/Z/nm2KJfwg4+55e7qEVoHVr6k/3KC9vlnzdLCHWoMKpPsv81
        3c5Y9uPzL2olIV//lmu8ENgyZ11JcFTmraT1c841HVViKc5INNRiLipOBAB9aP5xfgMAAA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupnluLIzCtJLcpLzFFi42LZdlhJXrcl6FaEwZd1IhYLnt9lttj/fguL
        RfPi9WwWr86/Yba4vGsOm8WiZa3MFhN+X2BzYPfYP3cNu8fsuz8YPfq2rGL0+LxJLoAlissm
        JTUnsyy1SN8ugStjxvs1bAUneStePPvD3sC4kbuLkYNDQsBEon1OdRcjJ5ApJnHh3nq2LkYu
        DiGB7YwSjbvmsUIk1CSON05jhrCFJVb+e84OUdTJJHHtcxdYgk1AU2Jn91YWEFtEQE7iye0/
        zCBFzALLGSV+Nf0BmyQsUC8x70cfE4jNIqAqMeXUPzCbV8BN4svfVVDb5CRunutknsDIu4CR
        YRWjaGpBcW56bnGBoV5xYm5xaV66XnJ+7iZGcDBpJe5gXDcj/BCjAAejEg/vj6qbEUKsiWXF
        lbmHGCU4mJVEeCX9bkUI8aYkVlalFuXHF5XmpBYfYpTmYFES571VvSFCSCA9sSQ1OzW1ILUI
        JsvEwSnVwLiI8/zXbHMPG/tL0tNMgn9s9Fi9VqmpqLPa5hirltjnzLviSz9nzNsske+purKo
        4Vs+T/LRv54d7f+FHh4zqS1kLDode2ZjWOG0TKPApi+vxY+snlEkfcWIPfmJDn97kziTuPOq
        o1JljfnP7hz9OXUeX10n427eu9sVOAQ+u95zjbfNPWFirMRSnJFoqMVcVJwIADHf9DwiAgAA
X-CMS-MailID: 20170328121013epcas5p493f1509064350349fbcdb655793d8d4e
X-Msg-Generator: CA
X-Sender-IP: 182.195.40.14
X-Local-Sender: =?UTF-8?B?QWpheSBLYWhlchtTUkktRGVsaGktU3lzdGVtIFMvVyBUZWFt?=
        =?UTF-8?B?G+yCvOyEseyghOyekBtMZWFkIEVuZ2luZWVy?=
X-Global-Sender: =?UTF-8?B?QWpheSBLYWhlchtTUkktRGVsaGktU3lzdGVtIFMvVyBUZWFt?=
        =?UTF-8?B?G1NhbXN1bmcgRWxlY3Ryb25pY3MbTGVhZCBFbmdpbmVlcg==?=
X-Sender-Code: =?UTF-8?B?QzEwG1NXQUhRG0MxMElEMDJJRDAyODExMg==?=
Content-type: text/plain; charset=utf-8
X-MTR: 20170328121013epcas5p493f1509064350349fbcdb655793d8d4e
X-EPHeader: CA
CMS-TYPE: 105P
DLP-Filter: Pass
X-CFilter-Loop: Reflected
X-Auth-Email: ajay.kaher@samsung.com
X-HopCount: 7
X-CMS-RootMailID: 20170328121013epcas5p493f1509064350349fbcdb655793d8d4e
X-RootMTR: 20170328121013epcas5p493f1509064350349fbcdb655793d8d4e
References: <CGME20170328121013epcas5p493f1509064350349fbcdb655793d8d4e@epcas5p4.samsung.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1679
Lines: 56

Greg, sending patch again using git send-email, please apply.
Let me know if still any issue.

There is race condition when two USB class drivers try to call
init_usb_class at the same time and leads to crash.
code path: probe->usb_register_dev->init_usb_class

To solve this, mutex locking has been added in init_usb_class() and
destroy_usb_class().

As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.

Signed-off-by: Ajay Kaher <ajay.kaher@samsung.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
---
 drivers/usb/core/file.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/core/file.c b/drivers/usb/core/file.c
index 822ced9..422ce7b 100644
--- a/drivers/usb/core/file.c
+++ b/drivers/usb/core/file.c
@@ -27,6 +27,7 @@
 #define MAX_USB_MINORS	256
 static const struct file_operations *usb_minors[MAX_USB_MINORS];
 static DECLARE_RWSEM(minor_rwsem);
+static DEFINE_MUTEX(init_usb_class_mutex);
 
 static int usb_open(struct inode *inode, struct file *file)
 {
@@ -109,8 +110,9 @@ static void release_usb_class(struct kref *kref)
 
 static void destroy_usb_class(void)
 {
-	if (usb_class)
-		kref_put(&usb_class->kref, release_usb_class);
+	mutex_lock(&init_usb_class_mutex);
+	kref_put(&usb_class->kref, release_usb_class);
+	mutex_unlock(&init_usb_class_mutex);
 }
 
 int usb_major_init(void)
@@ -171,7 +173,10 @@ int usb_register_dev(struct usb_interface *intf,
 	if (intf->minor >= 0)
 		return -EADDRINUSE;
 
+	mutex_lock(&init_usb_class_mutex);
 	retval = init_usb_class();
+	mutex_unlock(&init_usb_class_mutex);
+
 	if (retval)
 		return retval;
 
-- 
2.7.4