From: Oliver Neukum <oliver@neukum.org>
To: J <jhnlmn@yahoo.com>,
	linux-usb-devel@lists.sourceforge.net, Greg KH <gregkh@suse.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Possible race condition in usb-serial.c
Date: Wed, 20 Dec 2006 10:47:20 +0100
Message-ID: <200612201047.20842.oliver@neukum.org>
In-Reply-To: <695571.36956.qm@web32904.mail.mud.yahoo.com>

On Tuesday, 19 December 2006 23:33, J wrote:
> Thank you for the response.
> 
> > This code depends on protection from BKL.
> 
> Really? I cannot find many lock_kernel calls in 
> USB directory and those, which I can find, 
> don't appear to protect usb_serial_disconnect
> and serial_close from being called at the same time.

serial_close is safe because serial_disconnect lowers the refcount
by one. usb_serial_probe() and usb_serial_open() both increment
the refcount; the former implicitly.

> Maybe the protection is at a higher level? 
> Personally I don't believe it.
> If you know how this thing is supposed to work,
> please, tell me.

The data structure to protect is serial_table. Everything else is
protected by refcounts. Therefore the interesting race is between
open and disconnect. Open is called with BKL (fs/char_dev.c::chrdev_open).

Now, regarding disconnect. It used to be called with BKL held. I haven't been
able to verify that this is still the case. If not, then there's a race.

In addition usb_serial_probe() uses get_free_serial() early in the process
before the device is ready. Without BKL, this too, races with open.

People, do we take BKL in khubd?

	Regards
		Oliver
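
The locking rule discussed in this message, as an added user-space model in C that is not part of the original thread and is not kernel code: the table lookup plus refcount increment in open must be one critical section with the table clear in disconnect, while the object's lifetime is left to the refcount. The `table`, `table_lock` (a mutex standing in for the BKL) and all `port_*` names are hypothetical.

```c
/* Added user-space model, not kernel code; all names are hypothetical. */
#include <pthread.h>
#include <stdlib.h>
#define SLOTS 4
struct port { int refcount; };
static struct port *table[SLOTS];   /* plays the role of serial_table */
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER; /* stands in for the BKL */
/* close: drop one reference; returns 1 if this call freed the port */
int port_put(struct port *p) {
    pthread_mutex_lock(&table_lock);
    int last = (--p->refcount == 0);
    pthread_mutex_unlock(&table_lock);
    if (last) free(p);
    return last;
}
/* probe: the table owns the initial reference; 0 on success, -1 otherwise */
int port_register(int minor) {
    struct port *p = (minor < 0 || minor >= SLOTS) ? NULL : calloc(1, sizeof(*p));
    if (!p) return -1;
    p->refcount = 1;
    pthread_mutex_lock(&table_lock);
    int taken = (table[minor] != NULL);
    if (!taken) table[minor] = p;
    pthread_mutex_unlock(&table_lock);
    if (taken) free(p);
    return taken ? -1 : 0;
}
/* open: lookup and refcount increment form one critical section */
struct port *port_open(int minor) {
    if (minor < 0 || minor >= SLOTS) return NULL;
    pthread_mutex_lock(&table_lock);
    struct port *p = table[minor];
    if (p) p->refcount++;
    pthread_mutex_unlock(&table_lock);
    return p;
}
/* disconnect: unpublish under the lock, then drop the table's reference */
int port_disconnect(int minor) {
    if (minor < 0 || minor >= SLOTS) return -1;
    pthread_mutex_lock(&table_lock);
    struct port *p = table[minor];
    table[minor] = NULL;
    pthread_mutex_unlock(&table_lock);
    return p ? port_put(p) : -1;
}
int main(void) {   /* unplug while the port is open, then close it */
    struct port *p = port_register(1) ? NULL : port_open(1);
    return (p && port_disconnect(1) == 0 && port_put(p) == 1) ? 0 : 1;
}
```

If the lookup in `port_open()` and the increment were not under the same lock as the clear in `port_disconnect()`, an opener could fetch the pointer, lose the CPU, and increment a refcount in memory that disconnect had already freed.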
