Fuzzing uncovered race condition between sysfs code paths in usbip drivers. Device connect/disconnect code paths initiated through sysfs interface are prone to races if disconnect happens during connect and vice versa. This problem is common to all drivers while it can be reproduced easily in vhci_hcd. Add a sysfs_lock to usbip_device struct to protect the paths. For a complete fix, all usbip drivers have to use sysfs_lock to protect sysfs code paths and common event handler will have to use this lock to synchonize with the sysfs paths in drivers. This patch series adds sysfs_lock and uses it in vhci_hcd in the first patch. Subsequent patches fix usbip_host, vudc and the last patch fixes the common event handler code path. Shuah Khan (4): usbip: add sysfs_lock to synchronize sysfs code paths usbip: stub-dev synchronize sysfs code paths usbip: vudc synchronize sysfs code paths usbip: synchronize event handler with sysfs code paths drivers/usb/usbip/stub_dev.c | 11 +++++++++-- drivers/usb/usbip/usbip_common.h | 3 +++ drivers/usb/usbip/usbip_event.c | 2 ++ drivers/usb/usbip/vhci_hcd.c | 1 + drivers/usb/usbip/vhci_sysfs.c | 30 +++++++++++++++++++++++++----- drivers/usb/usbip/vudc_dev.c | 1 + drivers/usb/usbip/vudc_sysfs.c | 5 +++++ 7 files changed, 46 insertions(+), 7 deletions(-) -- 2.27.0
