| Message ID | tencent_9E3DBD3732961C37FC4AEC74E3763367E209@qq.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | usb: fix a task hung in snd_card_free | expand |
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 3beb6a862e80..dd037dc4cb37 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -2605,7 +2605,8 @@ static long usbdev_do_ioctl(struct file *file, unsigned int cmd, if (!(file->f_mode & FMODE_WRITE)) return -EPERM; - usb_lock_device(dev); + if (!usb_trylock_device(dev)) + return -EBUSY; /* Reap operations are allowed even after disconnection */ switch (cmd) {
task 1: snd ctrl will add card_dev ref count and can't call close to dec it, it is blocked waiting for task 2 to release the USB dev lock. task 2: usb dev lock has been locked by hung task (here is usb_disconnect), it is hung waiting for task 1 to exit and release card_dev. Adjust the USB lock acquisition method to non-blocking in ioctl to avoid hang when the USB connection is closed. Reported-and-tested-by: syzbot+73582d08864d8268b6fd@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=73582d08864d8268b6fd Signed-off-by: Edward Adam Davis <eadavis@qq.com> --- drivers/usb/core/devio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)