BAD PATCH: USB: remove use of the bus rwsem, as it doesn't reallyprotect anything.

[Alan Cox]

Unless there is something I'm missing most of these patches seem totally
unsafe.

> --- a/drivers/usb/core/devices.c
> +++ b/drivers/usb/core/devices.c
> @@ -246,7 +246,6 @@ static char *usb_dump_interface_descriptor(char *start, char *end,
>  
>  	if (start > end)
>  		return start;
> -	down_read(&usb_bus_type.subsys.rwsem);
>  	if (iface) {
>  		driver_name = (iface->dev.driver
>  				? iface->dev.driver->name

iface->dev.driver can now become NULL during the evaluation above

> @@ -444,8 +441,6 @@ static int releaseintf(struct dev_state *ps, unsigned int ifnum)
>  	if (ifnum >= 8*sizeof(ps->ifclaimed))
>  		return err;
>  	dev = ps->dev;
> -	/* lock against other changes to driver bindings */
> -	down_write(&usb_bus_type.subsys.rwsem);
>  	intf = usb_ifnum_to_if(dev, ifnum);
>  	if (!intf)
>  		err = -ENOENT;
> @@ -453,7 +448,6 @@ static int releaseintf(struct dev_state *ps, unsigned int ifnum)
>  		usb_driver_release_interface(&usbfs_driver, intf);

Which takes iface->dev.driver to NULL

>  		err = 0;
>  	}
> -	up_write(&usb_bus_type.subsys.rwsem);
>  	return err;
>  }
>  
> @@ -813,7 +807,6 @@ static int proc_getdriver(struct dev_state *ps, void __user *arg)
>  
>  	if (copy_from_user(&gd, arg, sizeof(gd)))
>  		return -EFAULT;
> -	down_read(&usb_bus_type.subsys.rwsem);
>  	intf = usb_ifnum_to_if(ps->dev, gd.interface);
>  	if (!intf || !intf->dev.driver)
>  		ret = -ENODATA;

Ditto ...



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/