[PATCH 4.18 15/34] cdc-acm: do not reset notification buffer index upon urb unlinking

From: Greg Kroah-Hartman
Date: Thu Nov 08 2018 - 17:12:39 EST


4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Tobias Herzog <t-herzog@xxxxxx>

commit dae3ddba36f8c337fb59cef07d564da6fc9b7551 upstream.

Resetting the write index of the notification buffer on urb unlink (e.g.
closing a cdc-acm device from userspace) may lead to wrong interpretation
of further received notifications, in case the index is not 0 when urb
unlink happens (i.e. when parts of a notification already have been
transferred). On the device side there is no "reset" of the notification
transimission and thus we would get out of sync with the device.

Signed-off-by: Tobias Herzog <t-herzog@xxxxxx>
Acked-by: Oliver Neukum <oneukum@xxxxxxxx>
Cc: stable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/usb/class/cdc-acm.c | 1 -
1 file changed, 1 deletion(-)

--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -354,7 +354,6 @@ static void acm_ctrl_irq(struct urb *urb
case -ENOENT:
case -ESHUTDOWN:
/* this urb is terminated, clean up */
- acm->nb_index = 0;
dev_dbg(&acm->control->dev,
"%s - urb shutting down with status: %d\n",
__func__, status);