USB: cdc-acm: fix write and suspend race

Fix race between write() and suspend() which could lead to writes being dropped (or I/O while suspended) if the device is runtime suspended while a write request is being processed. Specifically, suspend() releases the write_lock after determining the device is idle but before incrementing the susp_count, thus leaving a window where a concurrent write() can submit an urb. Fixes: 11ea859d64b6 ("USB: additional power savings for cdc-acm devices that support remote wakeup") Cc: <stable@vger.kernel.org> # v2.6.27 Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Johan Hovold <jhovold@gmail.com> 2014-05-26 13:23:36 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-05-27 18:04:08 -0400
commit: 5a345c20c17d87099224a4be12e69e5bd7023dca (patch)
tree: 8a5c3fd60129a12f9bd33e7f98dd4135e5bbf2c8 /drivers/usb/class
parent: 90419cfcb5d9c889b10dc51363c56a4d394d670e (diff)
1 files changed, 6 insertions, 9 deletions
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 904efb6035b0..3bd4226c13dc 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1514,18 +1514,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
        struct acm *acm = usb_get_intfdata(intf);
        int cnt;
+        spin_lock_irq(&acm->read_lock);
+        spin_lock(&acm->write_lock);
        if (PMSG_IS_AUTO(message)) {
-                int b;
+                if (acm->transmitting) {
+                        spin_unlock(&acm->write_lock);
-                spin_lock_irq(&acm->write_lock);
+                        spin_unlock_irq(&acm->read_lock);
-                b = acm->transmitting;
-                spin_unlock_irq(&acm->write_lock);
-                if (b)
                        return -EBUSY;
+                }
        }
-        spin_lock_irq(&acm->read_lock);
-        spin_lock(&acm->write_lock);
        cnt = acm->susp_count++;
        spin_unlock(&acm->write_lock);
        spin_unlock_irq(&acm->read_lock);
author	Johan Hovold <jhovold@gmail.com>	2014-05-26 13:23:36 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2014-05-27 18:04:08 -0400
commit	5a345c20c17d87099224a4be12e69e5bd7023dca (patch)
tree	8a5c3fd60129a12f9bd33e7f98dd4135e5bbf2c8 /drivers/usb/class
parent	90419cfcb5d9c889b10dc51363c56a4d394d670e (diff)

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 904efb6035b0..3bd4226c13dc 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c
@@ -1514,18 +1514,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
1514	struct acm *acm = usb_get_intfdata(intf);	1514	struct acm *acm = usb_get_intfdata(intf);
1515	int cnt;	1515	int cnt;
1516		1516
		1517	spin_lock_irq(&acm->read_lock);
		1518	spin_lock(&acm->write_lock);
1517	if (PMSG_IS_AUTO(message)) {	1519	if (PMSG_IS_AUTO(message)) {
1518	int b;	1520	if (acm->transmitting) {
1519		1521	spin_unlock(&acm->write_lock);
1520	spin_lock_irq(&acm->write_lock);	1522	spin_unlock_irq(&acm->read_lock);
1521	b = acm->transmitting;
1522	spin_unlock_irq(&acm->write_lock);
1523	if (b)
1524	return -EBUSY;	1523	return -EBUSY;
		1524	}
1525	}	1525	}
1526
1527	spin_lock_irq(&acm->read_lock);
1528	spin_lock(&acm->write_lock);
1529	cnt = acm->susp_count++;	1526	cnt = acm->susp_count++;
1530	spin_unlock(&acm->write_lock);	1527	spin_unlock(&acm->write_lock);
1531	spin_unlock_irq(&acm->read_lock);	1528	spin_unlock_irq(&acm->read_lock);