Linux kernel staging patches
 help / color / mirror / Atom feed
* [bug report] Potential order bug in 'drivers/staging/gpib/lpvo_usb_gpib/lpvo_usb_gpib.c', primarily in 'skel_disconnect()'
@ 2026-04-28  5:07 Ginger
  2026-04-28 11:44 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Ginger @ 2026-04-28  5:07 UTC (permalink / raw)
  To: dpenkler; +Cc: linux-staging

Dear Linux kernel maintainers,

My research-based static analyzer found a potential order bug within
the 'drivers/staging/gpib/lpvo_usb_gpib' subsystem, more specifically,
in 'drivers/staging/gpib/lpvo_usb_gpib/lpvo_usb_gpib.c'.
This bug is similar to a previous bug report as discussed in
'https://lore.kernel.org/linux-usb/2026042718-unwieldy-dicing-626f@gregkh'.

Kernel version: long-term kernel v6.18.9

Potential concurrent triggering executions:
T0:
skel_disconnect
    --> usb_set_intfdata(interface, NULL);
    --> usb_deregister_dev(interface, &skel_class);
         --> usb_minors[intf->minor] = NULL;
T1:
usb_gpib_attach
   --> skel_do_open
       --> interface = usb_find_interface(&skel_driver, subminor);
       --> dev = usb_get_intfdata(interface);

In T0, the interface is nullified before its get deregistered. Thus,
it is possible for T1 to still get the usb dev and access it via the
interface, which, however, has been already nullified.

Thank you for your time and consideration.

Sincerely,
Ginger

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-04-28 11:44 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-28  5:07 [bug report] Potential order bug in 'drivers/staging/gpib/lpvo_usb_gpib/lpvo_usb_gpib.c', primarily in 'skel_disconnect()' Ginger
2026-04-28 11:44 ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox