Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp885365pxa;
        Wed, 19 Aug 2020 18:32:30 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyStq5XcwsxwdjoQhofvB8stl4jl756vgenV3w7BCSx0V/3eKXZblD9X55ct0rUUTlaBw+M
X-Received: by 2002:a17:906:cb91:: with SMTP id mf17mr1004589ejb.527.1597887150791;
        Wed, 19 Aug 2020 18:32:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597887150; cv=none;
        d=google.com; s=arc-20160816;
        b=pFb1iTDh6ou6Iu97ZP55Sq+mcsdkHuxLMh54vH6llSd8gmU1cUouVpGulHvEs7dci8
         hnMZZMqUDoqX5Zhr3iIETbnYfa5Fkkbt1kq9QaST24Wfae4Ubc5Sxpe5Uwx5tbLrhaEl
         70mkGDIU7OMhq27nLI/B3yQxT4qrbn0cAWKyyj2rbXbb5Y+nUjLxUC7P3AamLYaneDMh
         pJlDmpFp4VY6qKcLeC88prgtrhZeZflzHXmdSZexPD0TyvhvgVsbTQUkF+4ksypd/1+C
         LXNaodQf1bCpcHCePYW2JpvASug3zJdFy6XL2VobQn8S5aIQoyQEkfFhacR86uDdsOKP
         qMAQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=jYRbpjWptFY7PUeEiYMIJbXc94sZSdz5yT+vAmsxl0A=;
        b=0+IqTkHQEKmcetKv2358kSXRgWPG9xA6ULpIiprRCJ0fNzfQe5su2PgHzs86bIOOEs
         q6jmJRu152tmwsZ0ynOSBWuiiQHbzL8kxYPtGNwdeWuYZ6xknlovCL1qJyln82hUeWY9
         vrVxdvghXrsMkg6DmgPBmnOCw6e2ESYycy/e9lyWRlNo1xyv8rlCFUZ5dg4Y8D9ul9HZ
         18vPrKbAYNAR38ygj8R5hsALalCSbulUOUL1kePROluAUSGQ4G8RaM+cb8MsPSDUEAUp
         cnfJN6QIN8A8WZ/Qd8ESbI40F8FO6wnOKjzACNQ1Crlsi/eW/0Lvt8WUAJM2QjoZCq9P
         wzJg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id s15si290710ejc.7.2020.08.19.18.32.07;
        Wed, 19 Aug 2020 18:32:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726362AbgHTBbZ (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Wed, 19 Aug 2020 21:31:25 -0400
Received: from netrider.rowland.org ([192.131.102.5]:42429 "HELO
        netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with SMTP id S1726646AbgHTBbY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 19 Aug 2020 21:31:24 -0400
Received: (qmail 202460 invoked by uid 1000); 19 Aug 2020 21:31:22 -0400
Date:   Wed, 19 Aug 2020 21:31:22 -0400
From:   Alan Stern <stern@rowland.harvard.edu>
To:     Guenter Roeck <linux@roeck-us.net>
Cc:     Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
        Hans Verkuil <hverkuil-cisco@xs4all.nl>,
        linux-usb <linux-usb@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        linux-media@vger.kernel.org, linux-uvc-devel@lists.sourceforge.net,
        Sakari Ailus <sakari.ailus@iki.fi>
Subject: Re: Protecting uvcvideo againt USB device disconnect [Was: Re:
 Protecting usb_set_interface() against device removal]
Message-ID: <20200820013122.GA202178@rowland.harvard.edu>
References: <b0a7247c-bed3-934b-2c73-7f4b0adb5e75@roeck-us.net>
 <20200815020739.GB52242@rowland.harvard.edu>
 <20200816003315.GA13826@roeck-us.net>
 <20200816121816.GC32174@pendragon.ideasonboard.com>
 <9bb20ed7-b156-f6c2-4d25-6acac1a0021b@roeck-us.net>
 <20200816235155.GA7729@pendragon.ideasonboard.com>
 <0684b71c-8ac5-8962-cbd5-c0bcaa8b6881@xs4all.nl>
 <20200819013002.GL2360@pendragon.ideasonboard.com>
 <20200819230851.GA222844@roeck-us.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200819230851.GA222844@roeck-us.net>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 19, 2020 at 04:08:51PM -0700, Guenter Roeck wrote:

> usb_set_interface() should not be called anymore after uvc_disconnect(),
> or at east I think so (is that documented anywhere ?).

It may be documented somewhere, but basically it goes without saying.  

A main feature of the device model design is that drivers get bound to 
devices by having their probe routine called, and they get unbound by 
having their disconnect routine called.  It should go without saying 
that once a driver is unbound from a device, it must not communicate 
with that device any more.

It might be nice if this requirement could be enforced (say in the USB 
core), but doing so is impractical.  It would require every I/O request 
to include some sort of cookie proving that the caller is authorized to 
make the request.  That's not how the kernel works; it trusts drivers 
to generally do the right thing without constant checking.

Alan Stern