5.4-stable patches

added patches:
	usb-core-fix-deadlock-in-usb_deauthorize_interface.patch

diff --git a/queue-5.4/series b/queue-5.4/series
index fa926984d9d96df469029d80e101f9f9b5d09a30..f3c6022f5400ae6becb69beae8f24585c3cc3425 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -125,3 +125,4 @@ usb-udc-remove-warning-when-queue-disabled-ep.patch
 scsi-qla2xxx-fix-command-flush-on-cable-pull.patch
 x86-cpu-enable-stibp-on-amd-if-automatic-ibrs-is-enabled.patch
 scsi-lpfc-correct-size-for-wqe-for-memset.patch
+usb-core-fix-deadlock-in-usb_deauthorize_interface.patch

diff --git a/queue-5.4/usb-core-fix-deadlock-in-usb_deauthorize_interface.patch b/queue-5.4/usb-core-fix-deadlock-in-usb_deauthorize_interface.patch
new file mode 100644 (file)
index 0000000..16c41da
--- /dev/null
+++ b/queue-5.4/usb-core-fix-deadlock-in-usb_deauthorize_interface.patch
@@ -0,0 +1,70 @@
+From 80ba43e9f799cbdd83842fc27db667289b3150f5 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Tue, 12 Mar 2024 11:48:23 -0400
+Subject: USB: core: Fix deadlock in usb_deauthorize_interface()
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 80ba43e9f799cbdd83842fc27db667289b3150f5 upstream.
+
+Among the attribute file callback routines in
+drivers/usb/core/sysfs.c, the interface_authorized_store() function is
+the only one which acquires a device lock on an ancestor device: It
+calls usb_deauthorize_interface(), which locks the interface's parent
+USB device.
+
+The will lead to deadlock if another process already owns that lock
+and tries to remove the interface, whether through a configuration
+change or because the device has been disconnected.  As part of the
+removal procedure, device_del() waits for all ongoing sysfs attribute
+callbacks to complete.  But usb_deauthorize_interface() can't complete
+until the device lock has been released, and the lock won't be
+released until the removal has finished.
+
+The mechanism provided by sysfs to prevent this kind of deadlock is
+to use the sysfs_break_active_protection() function, which tells sysfs
+not to wait for the attribute callback.
+
+Reported-and-tested by: Yue Sun <samsun1006219@gmail.com>
+Reported by: xingwei lee <xrivendell7@gmail.com>
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNOOHocDkPoAA@mail.gmail.com/#r
+Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harvard.edu
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/core/sysfs.c |   16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/core/sysfs.c
++++ b/drivers/usb/core/sysfs.c
+@@ -1190,14 +1190,24 @@ static ssize_t interface_authorized_stor
+ {
+       struct usb_interface *intf = to_usb_interface(dev);
+       bool val;
++      struct kernfs_node *kn;
+ 
+       if (strtobool(buf, &val) != 0)
+               return -EINVAL;
+ 
+-      if (val)
++      if (val) {
+               usb_authorize_interface(intf);
+-      else
+-              usb_deauthorize_interface(intf);
++      } else {
++              /*
++               * Prevent deadlock if another process is concurrently
++               * trying to unregister intf.
++               */
++              kn = sysfs_break_active_protection(&dev->kobj, &attr->attr);
++              if (kn) {
++                      usb_deauthorize_interface(intf);
++                      sysfs_unbreak_active_protection(kn);
++              }
++      }
+ 
+       return count;
+ }