Re: [PATCH] USB: chaoskey: fail open after removal

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Oliver Neukum <oneukum@suse.com>
Cc: keithp@keithp.com, stable@vger.kernel.org,
	linux-usb@vger.kernel.org,
	syzbot+422188bce66e76020e55@syzkaller.appspotmail.com
Subject: Re: [PATCH] USB: chaoskey: fail open after removal
Date: Fri, 4 Oct 2024 15:17:50 +0200	[thread overview]
Message-ID: <2024100408-cedar-debug-5b28@gregkh> (raw)
In-Reply-To: <20241002132201.552578-1-oneukum@suse.com>

On Wed, Oct 02, 2024 at 03:21:41PM +0200, Oliver Neukum wrote:
> chaoskey_open() takes the lock only to increase the
> counter of openings. That means that the mutual exclusion
> with chaoskey_disconnect() cannot prevent an increase
> of the counter and chaoskey_open() returning a success.
> 
> If that race is hit, chaoskey_disconnect() will happily
> free all resources associated with the device after
> it has dropped the lock, as it has read the counter
> as zero.
> 
> To prevent this race chaoskey_open() has to check
> the presence of the device under the lock.
> However, the current per device lock cannot be used,
> because it is a part of the data structure to be
> freed. Hence an additional global mutex is needed.
> The issue is as old as the driver.

I'll take this, but really, the driver should not care about how many
times it is opened.  That change can happen later, I'll try to dig up
the device I have for this driver so that I can test it out...

thanks,

greg k-h

next prev parent reply	other threads:[~2024-10-04 13:17 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-02 13:21 [PATCH] USB: chaoskey: fail open after removal Oliver Neukum
2024-10-02 13:26 ` kernel test robot
2024-10-04 13:17 ` Greg KH [this message]
2024-10-07  8:33   ` Oliver Neukum
2024-10-09  5:41 ` Jeongjun Park

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2024100408-cedar-debug-5b28@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=keithp@keithp.com \
    --cc=linux-usb@vger.kernel.org \
    --cc=oneukum@suse.com \
    --cc=stable@vger.kernel.org \
    --cc=syzbot+422188bce66e76020e55@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox