Am Donnerstag, den 17.09.2020, 13:43 +0200 schrieb Greg KH:
> On Thu, Sep 17, 2020 at 12:34:27PM +0200, Oliver Neukum wrote:
> > read() needs to check whether the device has been
> > disconnected before it tries to talk to the device.
> >
> > Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
> > Reported-by: syzbot+be5b5f86a162a6c281e6@xxxxxxxxxxxxxxxxxxxxxxxxx
> > ---
> > drivers/usb/class/usblp.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c
> > index 084c48c5848f..67cbd42421be 100644
> > --- a/drivers/usb/class/usblp.c
> > +++ b/drivers/usb/class/usblp.c
> > @@ -827,6 +827,11 @@ static ssize_t usblp_read(struct file *file, char __user *buffer, size_t len, lo
> > if (rv < 0)
> > return rv;
> >
> > + if (!usblp->present) {
> > + count = -ENODEV;
> > + goto done;
> > + }
> > +
>
> What prevents ->present from not being changed right after this test?
Hi,
the mutex taken in
rv = usblp_rwait_and_lock(usblp, !!(file->f_flags & O_NONBLOCK));
right above it. Yes, this driver is a mess. But short of adding
a ton of comments or rewriting the whole thing I have no idea
what to do about that.
Regards
Oliver
