lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210121154533.GA254122@rowland.harvard.edu>
Date:   Thu, 21 Jan 2021 10:45:33 -0500
From:   Alan Stern <stern@...land.harvard.edu>
To:     Oh Eomji <eomji.oh@...sung.com>
Cc:     balbi@...nel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Bart Van Assche <bvanassche@....org>,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: f_mass_storage: cahnge wait_event to
 wait_event_timeout

On Thu, Jan 21, 2021 at 03:56:45PM +0900, Oh Eomji wrote:
> Changed to return a timeout error if there is no response for a certain
> period of time in order to solve the problem of waiting for a event
> complete while executing unbind.
> 
> Signed-off-by: Oh Eomji <eomji.oh@...sung.com>
> ---
>  drivers/usb/gadget/function/f_mass_storage.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/gadget/function/f_mass_storage.c b/drivers/usb/gadget/function/f_mass_storage.c
> index 950c943..b474840 100644
> --- a/drivers/usb/gadget/function/f_mass_storage.c
> +++ b/drivers/usb/gadget/function/f_mass_storage.c
> @@ -3000,7 +3000,7 @@ static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
>  	if (fsg->common->fsg == fsg) {
>  		__raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL);
>  		/* FIXME: make interruptible or killable somehow? */
> -		wait_event(common->fsg_wait, common->fsg != fsg);
> +		wait_event_timeout(common->fsg_wait, common->fsg != fsg, HZ / 4);
>  	}
>  
>  	usb_free_all_descriptors(&fsg->function);

No, no, no!

This patch completely misunderstands the purpose of the wait_event call.  
The reason it isn't interruptible is not because that would be difficult 
-- all it takes is adding a timeout argument, as you did here.

The reason is because the driver will get invalid memory accesses if 
fsg_unbind returns too early.  fsg will be deallocated, but 
fsg_set_interface will continue to use it.  This patch completely 
ignores that issue.

Was there any real reason for writing this patch?  Does it solve a 
real-world problem?  Did you encounter a situation where the wait_event 
call would wait for more than 1/4 second?

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ