提交 5a345c20 编写于 作者: J Johan Hovold 提交者: Greg Kroah-Hartman

USB: cdc-acm: fix write and suspend race

Fix race between write() and suspend() which could lead to writes being
dropped (or I/O while suspended) if the device is runtime suspended
while a write request is being processed.

Specifically, suspend() releases the write_lock after determining the
device is idle but before incrementing the susp_count, thus leaving a
window where a concurrent write() can submit an urb.

Fixes: 11ea859d ("USB: additional power savings for cdc-acm devices
that support remote wakeup")

Cc: <stable@vger.kernel.org>        # v2.6.27
Signed-off-by: NJohan Hovold <jhovold@gmail.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
上级 90419cfc
...@@ -1514,18 +1514,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message) ...@@ -1514,18 +1514,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
struct acm *acm = usb_get_intfdata(intf); struct acm *acm = usb_get_intfdata(intf);
int cnt; int cnt;
spin_lock_irq(&acm->read_lock);
spin_lock(&acm->write_lock);
if (PMSG_IS_AUTO(message)) { if (PMSG_IS_AUTO(message)) {
int b; if (acm->transmitting) {
spin_unlock(&acm->write_lock);
spin_lock_irq(&acm->write_lock); spin_unlock_irq(&acm->read_lock);
b = acm->transmitting;
spin_unlock_irq(&acm->write_lock);
if (b)
return -EBUSY; return -EBUSY;
}
} }
spin_lock_irq(&acm->read_lock);
spin_lock(&acm->write_lock);
cnt = acm->susp_count++; cnt = acm->susp_count++;
spin_unlock(&acm->write_lock); spin_unlock(&acm->write_lock);
spin_unlock_irq(&acm->read_lock); spin_unlock_irq(&acm->read_lock);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册