Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965102AbWLTPRJ (ORCPT ); Wed, 20 Dec 2006 10:17:09 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S965125AbWLTPRJ (ORCPT ); Wed, 20 Dec 2006 10:17:09 -0500 Received: from iolanthe.rowland.org ([192.131.102.54]:45475 "HELO iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S965102AbWLTPRI (ORCPT ); Wed, 20 Dec 2006 10:17:08 -0500 X-Greylist: delayed 398 seconds by postgrey-1.27 at vger.kernel.org; Wed, 20 Dec 2006 10:17:08 EST Date: Wed, 20 Dec 2006 10:10:26 -0500 (EST) From: Alan Stern X-X-Sender: stern@iolanthe.rowland.org To: Oliver Neukum cc: J , , Greg KH , Subject: Re: [linux-usb-devel] Possible race condition in usb-serial.c In-Reply-To: <200612201047.20842.oliver@neukum.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 865 Lines: 23 On Wed, 20 Dec 2006, Oliver Neukum wrote: > The data structure to protect is serial_table. Everything else is > protected by refcounts. Therefore the interesting race is between > open and disconnect. Open is called with BKL (fs/char_dev.c::chrdev_open) > > Now, regarding disconnect. It used to be called with BKL held. I haven't been > able to verify that this is still the case. If not, then there's a race. > > In addition usb_serial_probe() uses get_free_serial() early in the process > before the device is ready. Without BKL, this too, races with open. > > People, do we take BKL in khubd? Nope. Alan Stern - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/