On Thu, 19 Apr 2018, Laurent Pinchart wrote: > According to include/linux/usb/composite.h, the delayed_status field should be > protected by cdev->lock, which you should use here. > > I've read through the code and found out that, while all callers of > reset_config(), as well as usb_composite_setup_continue(), correctly take the > lock, it isn't taken around f->set_alt() in composite_setup(). This causes the > race condition. I wonder if a simpler fix wouldn't be to take the lock before > calling f->set_alt() and releasing it after incrementing delayed_status. I am > however worried that this could lead to deadlocks if one of the existing > set_alt() handlers calls a function that takes the same lock. Another worry > is that some of the .set_alt() handlers might not expect to be called with > interrupts disabled. This should be analyzed, and I hope that Roger and/or > Felipe will have some insight on this. set_alt handlers generally have to disable and enable endpoints, which requires a process context. They cannot run with interrupts disabled. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
