linux-hardened/drivers/usb/core
Alan Stern 0a2314035c USB: Fix race condition when removing host controllers
This patch (as1607) fixes a race that can occur if a USB host
controller is removed while a process is reading the
/sys/kernel/debug/usb/devices file.

The usb_device_read() routine uses the bus->root_hub pointer to
determine whether or not the root hub is registered.  The is not a
valid test, because the pointer is set before the root hub gets
registered and remains set even after the root hub is unregistered and
deallocated.  As a result, usb_device_read() or usb_device_dump() can
access freed memory, causing an oops.

The patch changes the test to use the hcd->rh_registered flag, which
does get set and cleared at the appropriate times.  It also makes sure
to hold the usb_bus_list_lock mutex while setting the flag, so that
usb_device_read() will become aware of new root hubs as soon as they
are registered.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Don Zickus <dzickus@redhat.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-09-26 10:21:08 -07:00
..
buffer.c USB: Core: Fix minor coding style issues 2011-01-22 19:35:39 -08:00
config.c usb: Fail a get config when the port is powered off. 2012-09-10 13:04:01 -07:00
devices.c USB: Fix race condition when removing host controllers 2012-09-26 10:21:08 -07:00
devio.c usbfs: Add a new disconnect-and-claim ioctl (v2) 2012-09-10 11:10:37 -07:00
driver.c usb: remove junk from store_remove_id 2012-09-17 15:10:57 -07:00
endpoint.c usb/endpoint: Set release callback in the struct device_type instead of in the device itself directly 2012-08-20 14:38:08 -07:00
file.c USB: rename the usb misc class from "usb" to "usbmisc" 2012-06-13 15:37:13 -07:00
generic.c USB: accept RNDIS configs if there's no alternative 2010-08-10 14:35:43 -07:00
hcd-pci.c USB: add NO_D3_DURING_SLEEP flag and revert 151b612847 2012-06-13 13:11:39 -07:00
hcd.c USB: Fix race condition when removing host controllers 2012-09-26 10:21:08 -07:00
hub.c Revert "usb : Add sysfs files to control port power." 2012-09-24 13:04:02 -07:00
Kconfig USB: remove CONFIG_EXPERIMENTAL dependancies 2012-09-17 23:00:15 -07:00
Makefile usb: Bind devices to ACPI devices when possible 2012-05-11 17:06:13 -07:00
message.c USB: core: remove unused dbg() call in message.c 2012-09-13 11:23:03 -07:00
notify.c usb: Add export.h for EXPORT_SYMBOL/THIS_MODULE where needed 2011-10-31 19:31:25 -04:00
otg_whitelist.h
quirks.c Merge 3.6-rc6 into usb-next 2012-09-16 20:42:46 -07:00
sysfs.c usb: convert USB_QUIRK_RESET_MORPHS to USB_QUIRK_RESET 2012-08-20 14:38:08 -07:00
urb.c usbhid: prevent deadlock during timeout 2012-05-01 13:22:13 -04:00
usb-acpi.c usb/acpi: Use ACPI methods to power off ports. 2012-09-10 13:04:01 -07:00
usb.c USB: Disable LPM while the device is unconfigured. 2012-07-11 07:06:46 -04:00
usb.h usb/acpi: Store info on device removability. 2012-09-10 13:04:01 -07:00