USB: document some API requirements on disconnection

A call to usb_set_interface() crashes if the device is deallocated concurrently, such as due to physical removal or a serious IO error. It could also interfere with other drivers using the device if the current driver is unbound before the call is finished. Document the need to delay driver unbinding until this call returns, which solves both issues. Document the same regarding usb_clear_halt(), which is equally known to be routinely called by drivers. Explicitly mention finishing pending operations in the documentation of the driver disconnect callback. Signed-off-by: Michal Pecio <michal.pecio@gmail.com> Link: https://lore.kernel.org/r/20240218092515.7635ff8c@foxbook Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mariux64 · Mar 2, 2024 · 9f2a393 · 9f2a393
1 parent be95cc6
commit 9f2a393
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/Documentation/driver-api/usb/callbacks.rst b/Documentation/driver-api/usb/callbacks.rst
@@ -99,8 +99,10 @@ The disconnect() callback
 This callback is a signal to break any connection with an interface.
 You are not allowed any IO to a device after returning from this
 callback. You also may not do any other operation that may interfere
-with another driver bound the interface, eg. a power management
-operation.
+with another driver bound to the interface, eg. a power management
+operation. Outstanding operations on the device must be completed or
+aborted before this callback may return.
+
 If you are called due to a physical disconnection, all your URBs will be
 killed by usbcore. Note that in this case disconnect will be called some
 time after the physical disconnection. Thus your driver must be prepared

diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
@@ -1198,6 +1198,8 @@ EXPORT_SYMBOL_GPL(usb_get_status);
  * same status code used to report a true stall.
  *
  * This call is synchronous, and may not be used in an interrupt context.
+ * If a thread in your driver uses this call, make sure your disconnect()
+ * method can wait for it to complete.
  *
  * Return: Zero on success, or else the status code returned by the
  * underlying usb_control_msg() call.
@@ -1516,7 +1518,8 @@ void usb_enable_interface(struct usb_device *dev,
  * This call is synchronous, and may not be used in an interrupt context.
  * Also, drivers must not change altsettings while urbs are scheduled for
  * endpoints in that interface; all such urbs must first be completed
- * (perhaps forced by unlinking).
+ * (perhaps forced by unlinking). If a thread in your driver uses this call,
+ * make sure your disconnect() method can wait for it to complete.
  *
  * Return: Zero on success, or else the status code returned by the
  * underlying usb_control_msg() call.