Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964964AbWLTJpj (ORCPT ); Wed, 20 Dec 2006 04:45:39 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964965AbWLTJpj (ORCPT ); Wed, 20 Dec 2006 04:45:39 -0500 Received: from smtp-out001.kontent.com ([81.88.40.215]:39109 "EHLO smtp-out.kontent.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964964AbWLTJpi (ORCPT ); Wed, 20 Dec 2006 04:45:38 -0500 From: Oliver Neukum To: J , linux-usb-devel@lists.sourceforge.net, Greg KH Subject: Re: Possible race condition in usb-serial.c Date: Wed, 20 Dec 2006 10:47:20 +0100 User-Agent: KMail/1.8 Cc: linux-kernel@vger.kernel.org References: <695571.36956.qm@web32904.mail.mud.yahoo.com> In-Reply-To: <695571.36956.qm@web32904.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200612201047.20842.oliver@neukum.org> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1449 Lines: 38 Am Dienstag, 19. Dezember 2006 23:33 schrieb J: > Thank you for the response. > > > This code depends on protection from BKL. > > Really? I cannot find many lock_kernel calls in > USB directory and those, which I can find, > don't appear to protect usb_serial_disconnect > and serial_close from being called at the same time. serial_close is safe because serial_disconnect lowers the refcount by one. usb_serial_probe() and usb_serial_open() both increment the refcount; the former implicitly. > May be the protection is at a higher level? > Personally I don't beleive it. > If you know how this thing is supposed to work, > please, tell me. The data structure to protect is serial_table. Everything else is protected by refcounts. Therefore the interesting race is between open and disconnect. Open is called with BKL (fs/char_dev.c::chrdev_open) Now, regarding disconnect. It used to be called with BKL held. I haven't been able to verify that this is still the case. If not, then there's a race. In addition usb_serial_probe() uses get_free_serial() early in the process before the device is ready. Without BKL, this too, races with open. People, do we take BKL in khubd? Regards Oliver - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/