From: Johan Hovold Date: Mon, 26 May 2014 17:23:36 +0000 (+0200) Subject: USB: cdc-acm: fix write and suspend race X-Git-Tag: firefly_0821_release~176^2~3465^2~37^2~95 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=5a345c20c17d87099224a4be12e69e5bd7023dca;p=firefly-linux-kernel-4.4.55.git USB: cdc-acm: fix write and suspend race Fix race between write() and suspend() which could lead to writes being dropped (or I/O while suspended) if the device is runtime suspended while a write request is being processed. Specifically, suspend() releases the write_lock after determining the device is idle but before incrementing the susp_count, thus leaving a window where a concurrent write() can submit an urb. Fixes: 11ea859d64b6 ("USB: additional power savings for cdc-acm devices that support remote wakeup") Cc: # v2.6.27 Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 904efb6035b0..3bd4226c13dc 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1514,18 +1514,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message) struct acm *acm = usb_get_intfdata(intf); int cnt; + spin_lock_irq(&acm->read_lock); + spin_lock(&acm->write_lock); if (PMSG_IS_AUTO(message)) { - int b; - - spin_lock_irq(&acm->write_lock); - b = acm->transmitting; - spin_unlock_irq(&acm->write_lock); - if (b) + if (acm->transmitting) { + spin_unlock(&acm->write_lock); + spin_unlock_irq(&acm->read_lock); return -EBUSY; + } } - - spin_lock_irq(&acm->read_lock); - spin_lock(&acm->write_lock); cnt = acm->susp_count++; spin_unlock(&acm->write_lock); spin_unlock_irq(&acm->read_lock);