USB: fix bugs in usb_(de)authorize_device

This patch (as1315) fixes some bugs in the USB core authorization code: usb_deauthorize_device() should deallocate the device strings instead of leaking them, and it should invoke usb_destroy_configuration() (which does proper reference counting) instead of freeing the config information directly. usb_authorize_device() shouldn't change the device strings until it knows that the authorization will succeed, and it should autosuspend the device at the end (having autoresumed the device at the start). Because the device strings can be changed, the sysfs routines to display the strings must protect the string pointers by locking the device. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Inaky Perez-Gonzalez <inaky@linux.intel.com> Acked-by: David Vrabel <david.vrabel@csr.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Alan Stern <stern@rowland.harvard.edu> 2009-12-08 15:54:44 -0500
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-12-23 14:34:10 -0500
commit: da307123c621b01cce147a4be313d8a754674f63 (patch)
tree: 0f9270989a505c9717b9c70979a62f2407451a16 /drivers
parent: 8d8558d10806b7e805cb80df867ebb0a453d4765 (diff)
2 files changed, 25 insertions, 13 deletions
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 28738fa17afb..0cec6caf6e9b 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1849,21 +1849,23 @@ fail:
 */
 int usb_deauthorize_device(struct usb_device *usb_dev)
 {
-        unsigned cnt;
        usb_lock_device(usb_dev);
        if (usb_dev->authorized == 0)
                goto out_unauthorized;
        usb_dev->authorized = 0;
        usb_set_configuration(usb_dev, -1);
+        kfree(usb_dev->product);
        usb_dev->product = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+        kfree(usb_dev->manufacturer);
        usb_dev->manufacturer = kstrdup("n/a (unauthorized)", GFP_KERNEL);
+        kfree(usb_dev->serial);
        usb_dev->serial = kstrdup("n/a (unauthorized)", GFP_KERNEL);
-        kfree(usb_dev->config);
-        usb_dev->config = NULL;
+        usb_destroy_configuration(usb_dev);
-        for (cnt = 0; cnt < usb_dev->descriptor.bNumConfigurations; cnt++)
-                kfree(usb_dev->rawdescriptors[cnt]);
        usb_dev->descriptor.bNumConfigurations = 0;
-        kfree(usb_dev->rawdescriptors);
 out_unauthorized:
        usb_unlock_device(usb_dev);
        return 0;
@@ -1873,15 +1875,11 @@ out_unauthorized:
 int usb_authorize_device(struct usb_device *usb_dev)
 {
        int result = 0, c;
        usb_lock_device(usb_dev);
        if (usb_dev->authorized == 1)
                goto out_authorized;
-        kfree(usb_dev->product);
-        usb_dev->product = NULL;
-        kfree(usb_dev->manufacturer);
-        usb_dev->manufacturer = NULL;
-        kfree(usb_dev->serial);
-        usb_dev->serial = NULL;
        result = usb_autoresume_device(usb_dev);
        if (result < 0) {
                dev_err(&usb_dev->dev,
@@ -1894,6 +1892,14 @@ int usb_authorize_device(struct usb_device *usb_dev)
                        "authorization: %d\n", result);
                goto error_device_descriptor;
        }
+        kfree(usb_dev->product);
+        usb_dev->product = NULL;
+        kfree(usb_dev->manufacturer);
+        usb_dev->manufacturer = NULL;
+        kfree(usb_dev->serial);
+        usb_dev->serial = NULL;
        usb_dev->authorized = 1;
        result = usb_enumerate_device(usb_dev);
        if (result < 0)
@@ -1912,8 +1918,10 @@ int usb_authorize_device(struct usb_device *usb_dev)
                }
        }
        dev_info(&usb_dev->dev, "authorized to connect\n");
 error_enumerate:
 error_device_descriptor:
+        usb_autosuspend_device(usb_dev);
 error_autoresume:
 out_authorized:
        usb_unlock_device(usb_dev);     // complements locktree
diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
index 15477008b631..485edf937f25 100644
--- a/drivers/usb/core/sysfs.c
+++ b/drivers/usb/core/sysfs.c
@@ -82,9 +82,13 @@ static ssize_t  show_##name(struct device *dev,				\
                struct device_attribute *attr, char *buf)               \
 {                                                                       \
        struct usb_device *udev;                                        \
+        int retval;                                                     \
                                                                        \
        udev = to_usb_device(dev);                                      \
-        return sprintf(buf, "%s\n", udev->name);                        \
+        usb_lock_device(udev);                                          \
+        retval = sprintf(buf, "%s\n", udev->name);                      \
+        usb_unlock_device(udev);                                        \
+        return retval;                                                  \
 }                                                                       \
 static DEVICE_ATTR(name, S_IRUGO, show_##name, NULL);
author	Alan Stern <stern@rowland.harvard.edu>	2009-12-08 15:54:44 -0500
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-12-23 14:34:10 -0500
commit	da307123c621b01cce147a4be313d8a754674f63 (patch)
tree	0f9270989a505c9717b9c70979a62f2407451a16 /drivers
parent	8d8558d10806b7e805cb80df867ebb0a453d4765 (diff)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 28738fa17afb..0cec6caf6e9b 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c
@@ -1849,21 +1849,23 @@ fail:
1849	*/	1849	*/
1850	int usb_deauthorize_device(struct usb_device *usb_dev)	1850	int usb_deauthorize_device(struct usb_device *usb_dev)
1851	{	1851	{
1852	unsigned cnt;
1853	usb_lock_device(usb_dev);	1852	usb_lock_device(usb_dev);
1854	if (usb_dev->authorized == 0)	1853	if (usb_dev->authorized == 0)
1855	goto out_unauthorized;	1854	goto out_unauthorized;
		1855
1856	usb_dev->authorized = 0;	1856	usb_dev->authorized = 0;
1857	usb_set_configuration(usb_dev, -1);	1857	usb_set_configuration(usb_dev, -1);
		1858
		1859	kfree(usb_dev->product);
1858	usb_dev->product = kstrdup("n/a (unauthorized)", GFP_KERNEL);	1860	usb_dev->product = kstrdup("n/a (unauthorized)", GFP_KERNEL);
		1861	kfree(usb_dev->manufacturer);
1859	usb_dev->manufacturer = kstrdup("n/a (unauthorized)", GFP_KERNEL);	1862	usb_dev->manufacturer = kstrdup("n/a (unauthorized)", GFP_KERNEL);
		1863	kfree(usb_dev->serial);
1860	usb_dev->serial = kstrdup("n/a (unauthorized)", GFP_KERNEL);	1864	usb_dev->serial = kstrdup("n/a (unauthorized)", GFP_KERNEL);
1861	kfree(usb_dev->config);	1865
1862	usb_dev->config = NULL;	1866	usb_destroy_configuration(usb_dev);
1863	for (cnt = 0; cnt < usb_dev->descriptor.bNumConfigurations; cnt++)
1864	kfree(usb_dev->rawdescriptors[cnt]);
1865	usb_dev->descriptor.bNumConfigurations = 0;	1867	usb_dev->descriptor.bNumConfigurations = 0;
1866	kfree(usb_dev->rawdescriptors);	1868
1867	out_unauthorized:	1869	out_unauthorized:
1868	usb_unlock_device(usb_dev);	1870	usb_unlock_device(usb_dev);
1869	return 0;	1871	return 0;
@@ -1873,15 +1875,11 @@ out_unauthorized:
1873	int usb_authorize_device(struct usb_device *usb_dev)	1875	int usb_authorize_device(struct usb_device *usb_dev)
1874	{	1876	{
1875	int result = 0, c;	1877	int result = 0, c;
		1878
1876	usb_lock_device(usb_dev);	1879	usb_lock_device(usb_dev);
1877	if (usb_dev->authorized == 1)	1880	if (usb_dev->authorized == 1)
1878	goto out_authorized;	1881	goto out_authorized;
1879	kfree(usb_dev->product);	1882
1880	usb_dev->product = NULL;
1881	kfree(usb_dev->manufacturer);
1882	usb_dev->manufacturer = NULL;
1883	kfree(usb_dev->serial);
1884	usb_dev->serial = NULL;
1885	result = usb_autoresume_device(usb_dev);	1883	result = usb_autoresume_device(usb_dev);
1886	if (result < 0) {	1884	if (result < 0) {
1887	dev_err(&usb_dev->dev,	1885	dev_err(&usb_dev->dev,
@@ -1894,6 +1892,14 @@ int usb_authorize_device(struct usb_device *usb_dev)
1894	"authorization: %d\n", result);	1892	"authorization: %d\n", result);
1895	goto error_device_descriptor;	1893	goto error_device_descriptor;
1896	}	1894	}
		1895
		1896	kfree(usb_dev->product);
		1897	usb_dev->product = NULL;
		1898	kfree(usb_dev->manufacturer);
		1899	usb_dev->manufacturer = NULL;
		1900	kfree(usb_dev->serial);
		1901	usb_dev->serial = NULL;
		1902
1897	usb_dev->authorized = 1;	1903	usb_dev->authorized = 1;
1898	result = usb_enumerate_device(usb_dev);	1904	result = usb_enumerate_device(usb_dev);
1899	if (result < 0)	1905	if (result < 0)
@@ -1912,8 +1918,10 @@ int usb_authorize_device(struct usb_device *usb_dev)
1912	}	1918	}
1913	}	1919	}
1914	dev_info(&usb_dev->dev, "authorized to connect\n");	1920	dev_info(&usb_dev->dev, "authorized to connect\n");
		1921
1915	error_enumerate:	1922	error_enumerate:
1916	error_device_descriptor:	1923	error_device_descriptor:
		1924	usb_autosuspend_device(usb_dev);
1917	error_autoresume:	1925	error_autoresume:
1918	out_authorized:	1926	out_authorized:
1919	usb_unlock_device(usb_dev); // complements locktree	1927	usb_unlock_device(usb_dev); // complements locktree


diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index 15477008b631..485edf937f25 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c
@@ -82,9 +82,13 @@ static ssize_t show_##name(struct device *dev, \
82	struct device_attribute attr, char buf) \	82	struct device_attribute attr, char buf) \
83	{ \	83	{ \
84	struct usb_device *udev; \	84	struct usb_device *udev; \
		85	int retval; \
85	\	86	\
86	udev = to_usb_device(dev); \	87	udev = to_usb_device(dev); \
87	return sprintf(buf, "%s\n", udev->name); \	88	usb_lock_device(udev); \
		89	retval = sprintf(buf, "%s\n", udev->name); \
		90	usb_unlock_device(udev); \
		91	return retval; \
88	} \	92	} \
89	static DEVICE_ATTR(name, S_IRUGO, show_##name, NULL);	93	static DEVICE_ATTR(name, S_IRUGO, show_##name, NULL);
90		94