[131/251] USB: mos7840: fix race in register handling
From: Steven Rostedt
Date: Wed Sep 11 2013 - 01:30:05 EST
3.6.11.9-rc1 stable review patch.
If anyone has any objections, please let me know.
------------------
From: Johan Hovold <jhovold@xxxxxxxxx>
[ Upstream commit d8a083cc746664916d9d36ed9e4d08a29525f245 ]
Fix race in mos7840_get_reg which unconditionally manipulated the
control urb (which may already be in use) by adding a control-urb busy
flag.
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Johan Hovold <jhovold@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
---
drivers/usb/serial/mos7840.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
index 15cc47d..2e218ee 100644
--- a/drivers/usb/serial/mos7840.c
+++ b/drivers/usb/serial/mos7840.c
@@ -187,6 +187,10 @@
#define LED_ON_MS 500
#define LED_OFF_MS 500
+enum mos7840_flag {
+ MOS7840_FLAG_CTRL_BUSY,
+};
+
static int device_type;
static const struct usb_device_id id_table[] = {
@@ -247,6 +251,8 @@ struct moschip_port {
bool led_flag;
struct timer_list led_timer1; /* Timer for LED on */
struct timer_list led_timer2; /* Timer for LED off */
+
+ unsigned long flags;
};
static bool debug;
@@ -507,11 +513,11 @@ static void mos7840_control_callback(struct urb *urb)
/* this urb is terminated, clean up */
dbg("%s - urb shutting down with status: %d", __func__,
status);
- return;
+ goto out;
default:
dbg("%s - nonzero urb status received: %d", __func__,
status);
- return;
+ goto out;
}
dbg("%s urb buffer size is %d", __func__, urb->actual_length);
@@ -524,6 +530,8 @@ static void mos7840_control_callback(struct urb *urb)
mos7840_handle_new_msr(mos7840_port, regval);
else if (mos7840_port->MsrLsr == 1)
mos7840_handle_new_lsr(mos7840_port, regval);
+out:
+ clear_bit_unlock(MOS7840_FLAG_CTRL_BUSY, &mos7840_port->flags);
}
static int mos7840_get_reg(struct moschip_port *mcs, __u16 Wval, __u16 reg,
@@ -534,6 +542,9 @@ static int mos7840_get_reg(struct moschip_port *mcs, __u16 Wval, __u16 reg,
unsigned char *buffer = mcs->ctrl_buf;
int ret;
+ if (test_and_set_bit_lock(MOS7840_FLAG_CTRL_BUSY, &mcs->flags))
+ return -EBUSY;
+
dr->bRequestType = MCS_RD_RTYPE;
dr->bRequest = MCS_RDREQ;
dr->wValue = cpu_to_le16(Wval); /* 0 */
@@ -545,6 +556,9 @@ static int mos7840_get_reg(struct moschip_port *mcs, __u16 Wval, __u16 reg,
mos7840_control_callback, mcs);
mcs->control_urb->transfer_buffer_length = 2;
ret = usb_submit_urb(mcs->control_urb, GFP_ATOMIC);
+ if (ret)
+ clear_bit_unlock(MOS7840_FLAG_CTRL_BUSY, &mcs->flags);
+
return ret;
}
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/