• Alan Stern's avatar
    USB: prevent char device open/deregister race · d4ead16f
    Alan Stern authored
    This patch (as908) adds central protection in usbcore for the
    prototypical race between opening and unregistering a char device.
    The spinlock used to protect the minor-numbers array is replaced with
    an rwsem, which can remain locked across a call to a driver's open()
    method.  This guarantees that open() and deregister() will be mutually
    exclusive.
    
    The private locks currently used in several individual drivers for
    this purpose are no longer necessary, and the patch removes them.  The
    following USB drivers are affected: usblcd, idmouse, auerswald,
    legousbtower, sisusbvga/sisusb, ldusb, adutux, iowarrior, and
    usb-skeleton.
    
    As a side effect of this change, usb_deregister_dev() must not be
    called while holding a lock that is acquired by open().  Unfortunately
    a number of drivers do this, but luckily the solution is simple: call
    usb_deregister_dev() before acquiring the lock.
    
    In addition to these changes (and their consequent code
    simplifications), the patch fixes a use-after-free bug in adutux and a
    race between open() and release() in iowarrior.
    Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    d4ead16f
file.c 6.01 KB