Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp885365pxa; Wed, 19 Aug 2020 18:32:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyStq5XcwsxwdjoQhofvB8stl4jl756vgenV3w7BCSx0V/3eKXZblD9X55ct0rUUTlaBw+M X-Received: by 2002:a17:906:cb91:: with SMTP id mf17mr1004589ejb.527.1597887150791; Wed, 19 Aug 2020 18:32:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597887150; cv=none; d=google.com; s=arc-20160816; b=pFb1iTDh6ou6Iu97ZP55Sq+mcsdkHuxLMh54vH6llSd8gmU1cUouVpGulHvEs7dci8 hnMZZMqUDoqX5Zhr3iIETbnYfa5Fkkbt1kq9QaST24Wfae4Ubc5Sxpe5Uwx5tbLrhaEl 70mkGDIU7OMhq27nLI/B3yQxT4qrbn0cAWKyyj2rbXbb5Y+nUjLxUC7P3AamLYaneDMh pJlDmpFp4VY6qKcLeC88prgtrhZeZflzHXmdSZexPD0TyvhvgVsbTQUkF+4ksypd/1+C LXNaodQf1bCpcHCePYW2JpvASug3zJdFy6XL2VobQn8S5aIQoyQEkfFhacR86uDdsOKP qMAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=jYRbpjWptFY7PUeEiYMIJbXc94sZSdz5yT+vAmsxl0A=; b=0+IqTkHQEKmcetKv2358kSXRgWPG9xA6ULpIiprRCJ0fNzfQe5su2PgHzs86bIOOEs q6jmJRu152tmwsZ0ynOSBWuiiQHbzL8kxYPtGNwdeWuYZ6xknlovCL1qJyln82hUeWY9 vrVxdvghXrsMkg6DmgPBmnOCw6e2ESYycy/e9lyWRlNo1xyv8rlCFUZ5dg4Y8D9ul9HZ 18vPrKbAYNAR38ygj8R5hsALalCSbulUOUL1kePROluAUSGQ4G8RaM+cb8MsPSDUEAUp cnfJN6QIN8A8WZ/Qd8ESbI40F8FO6wnOKjzACNQ1Crlsi/eW/0Lvt8WUAJM2QjoZCq9P wzJg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s15si290710ejc.7.2020.08.19.18.32.07; Wed, 19 Aug 2020 18:32:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726362AbgHTBbZ (ORCPT + 99 others); Wed, 19 Aug 2020 21:31:25 -0400 Received: from netrider.rowland.org ([192.131.102.5]:42429 "HELO netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1726646AbgHTBbY (ORCPT ); Wed, 19 Aug 2020 21:31:24 -0400 Received: (qmail 202460 invoked by uid 1000); 19 Aug 2020 21:31:22 -0400 Date: Wed, 19 Aug 2020 21:31:22 -0400 From: Alan Stern To: Guenter Roeck Cc: Laurent Pinchart , Hans Verkuil , linux-usb , Greg Kroah-Hartman , "linux-kernel@vger.kernel.org" , linux-media@vger.kernel.org, linux-uvc-devel@lists.sourceforge.net, Sakari Ailus Subject: Re: Protecting uvcvideo againt USB device disconnect [Was: Re: Protecting usb_set_interface() against device removal] Message-ID: <20200820013122.GA202178@rowland.harvard.edu> References: <20200815020739.GB52242@rowland.harvard.edu> <20200816003315.GA13826@roeck-us.net> <20200816121816.GC32174@pendragon.ideasonboard.com> <9bb20ed7-b156-f6c2-4d25-6acac1a0021b@roeck-us.net> <20200816235155.GA7729@pendragon.ideasonboard.com> <0684b71c-8ac5-8962-cbd5-c0bcaa8b6881@xs4all.nl> <20200819013002.GL2360@pendragon.ideasonboard.com> <20200819230851.GA222844@roeck-us.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200819230851.GA222844@roeck-us.net> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 19, 2020 at 04:08:51PM -0700, Guenter Roeck wrote: > usb_set_interface() should not be called anymore after uvc_disconnect(), > or at east I think so (is that documented anywhere ?). It may be documented somewhere, but basically it goes without saying. A main feature of the device model design is that drivers get bound to devices by having their probe routine called, and they get unbound by having their disconnect routine called. It should go without saying that once a driver is unbound from a device, it must not communicate with that device any more. It might be nice if this requirement could be enforced (say in the USB core), but doing so is impractical. It would require every I/O request to include some sort of cookie proving that the caller is authorized to make the request. That's not how the kernel works; it trusts drivers to generally do the right thing without constant checking. Alan Stern