USB: cdc-acm: fix write and suspend race

Fix race between write() and suspend() which could lead to writes being
dropped (or I/O while suspended) if the device is runtime suspended
while a write request is being processed.

Specifically, suspend() releases the write_lock after determining the
device is idle but before incrementing the susp_count, thus leaving a
window where a concurrent write() can submit an urb.

Fixes: 11ea859d64 ("USB: additional power savings for cdc-acm devices
that support remote wakeup")

Cc: <stable@vger.kernel.org>        # v2.6.27
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Johan Hovold 2014-05-26 19:23:36 +02:00 committed by Greg Kroah-Hartman
parent 90419cfcb5
commit 5a345c20c1
1 changed files with 7 additions and 10 deletions

View File

@ -1514,18 +1514,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
struct acm *acm = usb_get_intfdata(intf);
int cnt;
if (PMSG_IS_AUTO(message)) {
int b;
spin_lock_irq(&acm->write_lock);
b = acm->transmitting;
spin_unlock_irq(&acm->write_lock);
if (b)
return -EBUSY;
}
spin_lock_irq(&acm->read_lock);
spin_lock(&acm->write_lock);
if (PMSG_IS_AUTO(message)) {
if (acm->transmitting) {
spin_unlock(&acm->write_lock);
spin_unlock_irq(&acm->read_lock);
return -EBUSY;
}
}
cnt = acm->susp_count++;
spin_unlock(&acm->write_lock);
spin_unlock_irq(&acm->read_lock);