From: Oliver Neukum <oneukum@suse.com>
To: Alan Stern <stern@rowland.harvard.edu>,
Greg KH <gregkh@linuxfoundation.org>
Cc: USB mailing list <linux-usb@vger.kernel.org>
Subject: Re: [PATCH 1/2] usbcore: Reject excessively long uninterruptible timeouts
Date: Tue, 10 Feb 2026 09:51:55 +0100
Message-ID: <a57d602d-9868-4dc0-9983-9543903a0130@suse.com>
In-Reply-To: <9a7f1f3d-7063-426e-85be-e32a5e2dc431@rowland.harvard.edu>

On 09.02.26 20:59, Alan Stern wrote:
> Note that this will affect the timeouts accepted by the
> USBDEVFS_CONTROL and USBDEVFS_BULK ioctls in usbfs, since they rely on
> the synchronous message API.

That means you cannot just change the semantics of the call.

> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
> Link: https://lore.kernel.org/linux-usb/3acfe838-6334-4f6d-be7c-4bb01704b33d@rowland.harvard.edu/
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> CC: stable@vger.kernel.org
>
> ---
>
> drivers/usb/core/message.c | 23 ++++++++++++++---------
> include/linux/usb.h | 3 +++
> 2 files changed, 17 insertions(+), 9 deletions(-)
>
> Index: usb-devel/drivers/usb/core/message.c
> ===================================================================
> --- usb-devel.orig/drivers/usb/core/message.c
> +++ usb-devel/drivers/usb/core/message.c
> @@ -46,6 +46,9 @@ static void usb_api_blocking_completion(
> * is NOT interruptible. Many device driver i/o requests should be
> * interruptible and therefore these drivers should implement their
> * own interruptible routines.
> + *
> + * Because the wait is uninterruptible, we enforce a maximum limit on
> + * the length of the timeout.
> */
> static int usb_start_wait_urb(struct urb *urb, int timeout, int *actual_length)

If you are touching this at all, we might look into the fundamental question
of why a timeout can be negative at all.

> {
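
Review bot: The comment added above usb_start_wait_urb() says a maximum limit is enforced but neither names the limit nor says what a caller gets back when it is exceeded. Name USB_MAX_SYNCHRONOUS_TIMEOUT in the comment and state how an out-of-range value is handled, because the parameter remains a plain `int timeout` and nothing in the signature tells a driver author which values are valid.
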
> @@ -56,11 +59,17 @@ static int usb_start_wait_urb(struct urb
> init_completion(&ctx.done);
> urb->context = &ctx;
> urb->actual_length = 0;
> +
> + if (timeout <= 0 || timeout > USB_MAX_SYNCHRONOUS_TIMEOUT) {
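
Review bot: The range test at `if (timeout <= 0 || timeout > USB_MAX_SYNCHRONOUS_TIMEOUT)` sits after init_completion() and after urb->context and urb->actual_length have been written; validating first would leave the URB untouched on a rejected call. The test also folds zero, negative and over-limit timeouts into a single branch. Since the commit message says the USBDEVFS_CONTROL and USBDEVFS_BULK ioctls reach this path, the valid range should be documented where USB_MAX_SYNCHRONOUS_TIMEOUT is defined, and the three cases split if they are meant to be handled differently.
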

You are rejecting values that used to be acceptable. That is unavoidable,
but somebody was surely foolish enough to pass 0 from user space in every
case and got away with it until now.

It would seem to me that you need to at least convert 0 to
USB_MAX_SYNCHRONOUS_TIMEOUT, if not outright capping the
timeout instead of erroring out.

Regards
Oliver