Skip to content

fix(usb_host_hid): Harden hid_host_device_close() against concurrent access [WIP] #321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: fix/report_descriptor_pointer_usage_on_realloc
Choose a base branch
from
Draft

fix(usb_host_hid): Harden hid_host_device_close() against concurrent access [WIP] #321

wants to merge 2 commits into from
+53 −25

Conversation

@roma-jam
Copy link
Collaborator

@roma-jam roma-jam commented Nov 13, 2025

Description

Fixed potential race condition in hid_host_device_close() that could lead to double-free and list corruption under concurrent close/disconnect.

Related

  • N/A

Testing

  • TBC

Checklist

Before submitting a Pull Request, please ensure the following:

  • 🚨 This PR does not introduce breaking changes.
  • All CI checks (GH Actions) pass.
  • Documentation is updated as needed.
  • Tests are updated or added as necessary.
  • Code is well-commented, especially in complex areas.
  • Git history is clean — commits are squashed to the minimum necessary.

@roma-jam roma-jam self-assigned this Nov 13, 2025
@roma-jam roma-jam changed the title fix(usb_host_hid): Harden hid_host_device_close() against concurrent access fix(usb_host_hid): Harden hid_host_device_close() against concurrent access [WIP] Nov 13, 2025
tore-espressif
tore-espressif reviewed Nov 14, 2025
View reviewed changes
Copy link
Collaborator

@tore-espressif tore-espressif left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please consider adding tests

host/class/hid/usb_host_hid/hid_host.c
} else if ((hid_iface->state == HID_INTERFACE_STATE_WAIT_USER_DELETION ||
hid_iface->user_cb == NULL) &&
hid_iface->state != HID_INTERFACE_STATE_NOT_INITIALIZED) {
// Second close OR no user callback at all AND not already removed: remove from list
Copy link
Collaborator

@tore-espressif tore-espressif Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see that the '2 calls to close' was present even before. Can you explain why?

Copy link
Collaborator Author

@roma-jam roma-jam Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking a look! This is still Draft / [WIP]. I’m landing a minimal bug fix first and prepared a draft as we discussed yesterday; if needed, I’ll follow up with a separate refactor to simplify the close logic.

On the “two calls to close”: yes, that existed before. When the upper layer opens the interface, it owns a handle. The first call closes the interface; the second removes the interface from the list and invalidates the handle so the upper layer never holds a dangling reference.

I’m keeping that behavior unchanged here to keep the fix small and low-risk. If you see anything blocking for the bug-fix itself, please feel free to share; otherwise I’ll ping when it’s ready for full review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tore-espressif tore-espressif tore-espressif left review comments

Assignees

@roma-jam roma-jam

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@roma-jam @tore-espressif