From: Greg Kroah-Hartman Date: Mon, 1 Apr 2024 14:52:19 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v6.7.12~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57e0195843952e38a0751b9adbde1d8252805e42;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: usb-core-fix-deadlock-in-usb_deauthorize_interface.patch --- diff --git a/queue-4.19/series b/queue-4.19/series index 7f0838752c6..7c351cdc8c7 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -108,3 +108,4 @@ x86-cpu-enable-stibp-on-amd-if-automatic-ibrs-is-enabled.patch timers-move-clearing-of-base-timer_running-under-base-lock.patch drm-imx-parallel-display-remove-bus-flags-check-in-imx_pd_bridge_atomic_check.patch scsi-lpfc-correct-size-for-wqe-for-memset.patch +usb-core-fix-deadlock-in-usb_deauthorize_interface.patch diff --git a/queue-4.19/usb-core-fix-deadlock-in-usb_deauthorize_interface.patch b/queue-4.19/usb-core-fix-deadlock-in-usb_deauthorize_interface.patch new file mode 100644 index 00000000000..24aa752be8d --- /dev/null +++ b/queue-4.19/usb-core-fix-deadlock-in-usb_deauthorize_interface.patch @@ -0,0 +1,70 @@ +From 80ba43e9f799cbdd83842fc27db667289b3150f5 Mon Sep 17 00:00:00 2001 +From: Alan Stern +Date: Tue, 12 Mar 2024 11:48:23 -0400 +Subject: USB: core: Fix deadlock in usb_deauthorize_interface() + +From: Alan Stern + +commit 80ba43e9f799cbdd83842fc27db667289b3150f5 upstream. + +Among the attribute file callback routines in +drivers/usb/core/sysfs.c, the interface_authorized_store() function is +the only one which acquires a device lock on an ancestor device: It +calls usb_deauthorize_interface(), which locks the interface's parent +USB device. + +The will lead to deadlock if another process already owns that lock +and tries to remove the interface, whether through a configuration +change or because the device has been disconnected. As part of the +removal procedure, device_del() waits for all ongoing sysfs attribute +callbacks to complete. But usb_deauthorize_interface() can't complete +until the device lock has been released, and the lock won't be +released until the removal has finished. + +The mechanism provided by sysfs to prevent this kind of deadlock is +to use the sysfs_break_active_protection() function, which tells sysfs +not to wait for the attribute callback. + +Reported-and-tested by: Yue Sun +Reported by: xingwei lee + +Signed-off-by: Alan Stern +Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNOOHocDkPoAA@mail.gmail.com/#r +Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harvard.edu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/core/sysfs.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +--- a/drivers/usb/core/sysfs.c ++++ b/drivers/usb/core/sysfs.c +@@ -1069,14 +1069,24 @@ static ssize_t interface_authorized_stor + { + struct usb_interface *intf = to_usb_interface(dev); + bool val; ++ struct kernfs_node *kn; + + if (strtobool(buf, &val) != 0) + return -EINVAL; + +- if (val) ++ if (val) { + usb_authorize_interface(intf); +- else +- usb_deauthorize_interface(intf); ++ } else { ++ /* ++ * Prevent deadlock if another process is concurrently ++ * trying to unregister intf. ++ */ ++ kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); ++ if (kn) { ++ usb_deauthorize_interface(intf); ++ sysfs_unbreak_active_protection(kn); ++ } ++ } + + return count; + }