Please sign in to comment.
USB: Fix race condition when removing host controllers
This patch (as1607) fixes a race that can occur if a USB host controller is removed while a process is reading the /sys/kernel/debug/usb/devices file. The usb_device_read() routine uses the bus->root_hub pointer to determine whether or not the root hub is registered. The is not a valid test, because the pointer is set before the root hub gets registered and remains set even after the root hub is unregistered and deallocated. As a result, usb_device_read() or usb_device_dump() can access freed memory, causing an oops. The patch changes the test to use the hcd->rh_registered flag, which does get set and cleared at the appropriate times. It also makes sure to hold the usb_bus_list_lock mutex while setting the flag, so that usb_device_read() will become aware of new root hubs as soon as they are registered. Signed-off-by: Alan Stern <email@example.com> Reported-by: Don Zickus <firstname.lastname@example.org> Cc: stable <email@example.com> Signed-off-by: Greg Kroah-Hartman <firstname.lastname@example.org>
- Loading branch information...
Showing with 3 additions and 5 deletions.