Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753275AbdF2Q6V (ORCPT ); Thu, 29 Jun 2017 12:58:21 -0400 Received: from imap0.codethink.co.uk ([185.43.218.159]:38387 "EHLO imap0.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752910AbdF2Q6L (ORCPT ); Thu, 29 Jun 2017 12:58:11 -0400 Message-ID: <1498755471.1935.55.camel@codethink.co.uk> Subject: Re: [PATCH 4.4 22/30] USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks From: Ben Hutchings To: Alan Stern Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Felipe Balbi , Greg Kroah-Hartman Date: Thu, 29 Jun 2017 17:57:51 +0100 In-Reply-To: <20170619152034.413971329@linuxfoundation.org> References: <20170619152033.211450261@linuxfoundation.org> <20170619152034.413971329@linuxfoundation.org> Organization: Codethink Ltd. Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.9-1+b1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1197 Lines: 35 On Mon, 2017-06-19 at 23:20 +0800, Greg Kroah-Hartman wrote: > 4.4-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Alan Stern > > commit f16443a034c7aa359ddf6f0f9bc40d01ca31faea upstream. [...] > The result of this race, as seen above, is that set_link_state() can > invoke a callback in gadgetfs even after gadgetfs has been unbound > from dummy_hcd's UDC and its private data structures have been > deallocated. > > include/linux/usb/gadget.h documents that the ->reset, ->disconnect, > ->suspend, and ->resume callbacks may be invoked in interrupt context. > In general this is necessary, to prevent races with gadget driver > removal. This patch fixes dummy_hcd to retain the spinlock across > these calls, and it adds a spinlock acquisition to dummy_udc_stop() to > prevent the race. > > The net2280 driver makes the same mistake of dropping the private > spinlock for its ->disconnect and ->reset callback invocations. The > patch fixes it too. [...] Why only these two drivers? Most of the other UDC drivers seem to do the same thing. Ben. -- Ben Hutchings Software Developer, Codethink Ltd.