From 8a4613f01f5bb850cab34e3db572d97251d997b3 Mon Sep 17 00:00:00 2001 From: Luiz Fernando Capitulino Date: Mon, 28 Nov 2005 19:16:07 -0200 Subject: [PATCH] USB: usbserial: race-condition fix. There is a race-condition in usb-serial driver that can be triggered if a processes does 'port->tty->driver_data = NULL' in serial_close() while other processes is in kernel-space about to call serial_ioctl() on the same port. This happens because a process can open the device while there is another one closing it. The patch below fixes that by adding a semaphore to ensure that no process will open the device while another process is closing it. Note that we can't use spinlocks here, since serial_open() and serial_close() can sleep. Signed-off-by: Luiz Capitulino Signed-off-by: Greg Kroah-Hartman --- drivers/usb/serial/usb-serial.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'drivers/usb/serial/usb-serial.h') diff --git a/drivers/usb/serial/usb-serial.h b/drivers/usb/serial/usb-serial.h index 238a5a871ed6..d7d27c3385b3 100644 --- a/drivers/usb/serial/usb-serial.h +++ b/drivers/usb/serial/usb-serial.h @@ -16,6 +16,7 @@ #include #include +#include #define SERIAL_TTY_MAJOR 188 /* Nice legal number now */ #define SERIAL_TTY_MINORS 255 /* loads of devices :) */ @@ -30,6 +31,8 @@ * @serial: pointer back to the struct usb_serial owner of this port. * @tty: pointer to the corresponding tty for this port. * @lock: spinlock to grab when updating portions of this structure. + * @sem: semaphore used to synchronize serial_open() and serial_close() + * access for this port. * @number: the number of the port (the minor number). * @interrupt_in_buffer: pointer to the interrupt in buffer for this port. * @interrupt_in_urb: pointer to the interrupt in struct urb for this port. @@ -60,6 +63,7 @@ struct usb_serial_port { struct usb_serial * serial; struct tty_struct * tty; spinlock_t lock; + struct semaphore sem; unsigned char number; unsigned char * interrupt_in_buffer; -- cgit v1.2.2