superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/usb
History
Uttkarsh Aggarwal 704842c97a usb: gadget: f_fs: Add unbind event before functionfs_unbind 
commit efb6b53520 upstream.

While exercising the unbind path, with the current implementation
the functionfs_unbind would be calling which waits for the ffs->mutex
to be available, however within the same time ffs_ep0_read is invoked
& if no setup packets are pending, it will invoke function
wait_event_interruptible_exclusive_locked_irq which by definition waits
for the ev.count to be increased inside the same mutex for which
functionfs_unbind is waiting.
This creates deadlock situation because the functionfs_unbind won't
get the lock until ev.count is increased which can only happen if
the caller ffs_func_unbind can proceed further.

Following is the illustration:

	CPU1				CPU2

ffs_func_unbind()		ffs_ep0_read()
				mutex_lock(ffs->mutex)
				wait_event(ffs->ev.count)
functionfs_unbind()
  mutex_lock(ffs->mutex)
  mutex_unlock(ffs->mutex)

ffs_event_add()

<deadlock>

Fix this by moving the event unbind before functionfs_unbind
to ensure the ev.count is incrased properly.

Fixes: 6a19da1110 ("usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait")
Cc: stable <stable@kernel.org>
Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
Link: https://lore.kernel.org/r/20230525092854.7992-1-quic_uaggarwa@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2023-06-09 10:34:20 +02:00
..
atm
c67x00
cdns3 usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM 2023-06-09 10:34:20 +02:00
chipidea usb: chipidea: fix missing goto in `ci_hdrc_probe` 2023-05-11 23:03:30 +09:00
class USB: usbtmc: Fix direction for 0-length ioctl control messages 2023-05-24 17:32:48 +01:00
common USB: ULPI: fix memory leak with using debugfs_lookup() 2023-03-11 13:55:36 +01:00
core USB: core: Add routines for endpoint checks in old drivers 2023-05-30 14:03:20 +01:00
dwc2 usb: dwc2: fix a devres leak in hw_enable upon suspend resume 2023-03-30 12:49:22 +02:00
dwc3 usb: dwc3: fix gadget mode suspend interrupt handler issue 2023-05-30 14:03:16 +01:00
early usb: early: xhci-dbc: Fix a potential out-of-bound memory access 2023-03-10 09:33:35 +01:00
gadget usb: gadget: f_fs: Add unbind event before functionfs_unbind 2023-06-09 10:34:20 +02:00
host xhci: Fix incorrect tracking of free space on transfer rings 2023-05-24 17:32:49 +01:00
image
isp1760
misc USB: sisusbvga: Add endpoint checks 2023-05-30 14:03:20 +01:00
mon
mtu3 usb: mtu3: fix kernel panic at qmu transfer done irq handler 2023-05-11 23:03:30 +09:00
musb usb: musb: mediatek: don't unregister something that wasn't registered 2023-03-10 09:33:35 +01:00
phy
renesas_usbhs
roles
serial USB: serial: option: add UNISOC vendor and TOZED LT70C product 2023-05-01 08:26:27 +09:00
storage usb-storage: fix deadlock when a scsi command timeouts more than once 2023-05-24 17:32:48 +01:00
typec usb: typec: altmodes/displayport: fix pin_assignment_show 2023-05-24 17:32:48 +01:00
usbip
Kconfig
Makefile
usb-skeleton.c