From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk, Russ Gorby <russ.gorby@intel.com>,
"Yin, Fengwei" <fengwei.yin@intel.com>,
Alan Cox <alan@linux.intel.com>
Subject: [ 18/33] n_gsm: added interlocking for gsm_data_lock for certain code paths
Date: Thu, 4 Oct 2012 14:26:40 -0700 [thread overview]
Message-ID: <20121004210600.709118485@linuxfoundation.org> (raw)
In-Reply-To: <20121004210558.383865383@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russ Gorby <russ.gorby@intel.com>
commit 5e44708f75b0f8712da715d6babb0c21089b2317 upstream.
There were some locking holes in the management of the MUX's
message queue for 2 code paths:
1) gsmld_write_wakeup
2) receipt of CMD_FCON flow-control message
In both cases gsm_data_kick is called w/o locking so it can collide
with other other instances of gsm_data_kick (pulling messages tx_tail)
or potentially other instances of __gsm_data_queu (adding messages to tx_head)
Changed to take the tx_lock in these 2 cases
Signed-off-by: Russ Gorby <russ.gorby@intel.com>
Tested-by: Yin, Fengwei <fengwei.yin@intel.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/n_gsm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1152,6 +1152,8 @@ static void gsm_control_message(struct g
u8 *data, int clen)
{
u8 buf[1];
+ unsigned long flags;
+
switch (command) {
case CMD_CLD: {
struct gsm_dlci *dlci = gsm->dlci[0];
@@ -1177,7 +1179,9 @@ static void gsm_control_message(struct g
gsm->constipated = 0;
gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
/* Kick the link in case it is idling */
+ spin_lock_irqsave(&gsm->tx_lock, flags);
gsm_data_kick(gsm);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
break;
case CMD_MSC:
/* Out of band modem line change indicator for a DLCI */
@@ -2269,12 +2273,12 @@ static void gsmld_write_wakeup(struct tt
/* Queue poll */
clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
+ spin_lock_irqsave(&gsm->tx_lock, flags);
gsm_data_kick(gsm);
if (gsm->tx_bytes < TX_THRESH_LO) {
- spin_lock_irqsave(&gsm->tx_lock, flags);
gsm_dlci_data_sweep(gsm);
- spin_unlock_irqrestore(&gsm->tx_lock, flags);
}
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
}
/**
next prev parent reply other threads:[~2012-10-04 21:33 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-04 21:26 [ 00/33] 3.0.45-stable review Greg Kroah-Hartman
2012-10-04 21:26 ` [ 01/33] vfs: dcache: fix deadlock in tree traversal Greg Kroah-Hartman
2012-10-04 21:26 ` [ 02/33] dm: handle requests beyond end of device instead of using BUG_ON Greg Kroah-Hartman
2012-10-04 21:26 ` [ 03/33] USB: option: blacklist QMI interface on ZTE MF683 Greg Kroah-Hartman
2012-10-04 21:26 ` [ 04/33] USB: ftdi_sio: add TIAO USB Multi-Protocol Adapter (TUMPA) support Greg Kroah-Hartman
2012-10-04 21:26 ` [ 05/33] USB: qcaux: add Pantech vendor class match Greg Kroah-Hartman
2012-10-04 21:26 ` [ 06/33] staging: speakup_soft: Fix reading of init string Greg Kroah-Hartman
2012-10-04 21:26 ` [ 07/33] staging: comedi: s626: dont dereference insn->data Greg Kroah-Hartman
2012-10-04 21:26 ` [ 08/33] staging: comedi: jr3_pci: fix iomem dereference Greg Kroah-Hartman
2012-10-04 21:26 ` [ 09/33] staging: comedi: dont dereference user memory for INSN_INTTRIG Greg Kroah-Hartman
2012-10-04 21:26 ` [ 10/33] staging: comedi: fix memory leak for saved channel list Greg Kroah-Hartman
2012-10-04 21:26 ` [ 11/33] Remove BUG_ON from n_tty_read() Greg Kroah-Hartman
2012-10-04 21:26 ` [ 12/33] TTY: ttyprintk, dont touch behind tty->write_buf Greg Kroah-Hartman
2012-10-04 21:26 ` [ 13/33] serial: pl011: handle corruption at high clock speeds Greg Kroah-Hartman
2012-10-04 21:26 ` [ 14/33] serial: set correct baud_base for EXSYS EX-41092 Dual 16950 Greg Kroah-Hartman
2012-10-04 21:26 ` [ 15/33] b43legacy: Fix crash on unload when firmware not available Greg Kroah-Hartman
2012-10-04 21:26 ` [ 16/33] firmware: Add missing attributes to EFI variable attribute print out from sysfs Greg Kroah-Hartman
2012-10-04 21:26 ` [ 17/33] xhci: Intel Panther Point BEI quirk Greg Kroah-Hartman
2012-10-04 21:26 ` Greg Kroah-Hartman [this message]
2012-10-04 21:26 ` [ 19/33] coredump: prevent double-free on an error path in core dumper Greg Kroah-Hartman
2012-10-04 21:26 ` [ 20/33] Increase XHCI suspend timeout to 16ms Greg Kroah-Hartman
2012-10-04 21:26 ` [ 21/33] n_gsm: memory leak in uplink error path Greg Kroah-Hartman
2012-10-04 21:26 ` [ 22/33] UBI: fix autoresize handling in R/O mode Greg Kroah-Hartman
2012-10-04 21:26 ` [ 23/33] SCSI: ibmvscsi: Fix host config length field overflow Greg Kroah-Hartman
2012-10-04 21:26 ` [ 24/33] SCSI: hpsa: Use LUN reset instead of target reset Greg Kroah-Hartman
2012-10-04 21:26 ` [ 25/33] can: mscan-mpc5xxx: fix return value check in mpc512x_can_get_clock() Greg Kroah-Hartman
2012-10-04 21:26 ` [ 26/33] IPoIB: Fix use-after-free of multicast object Greg Kroah-Hartman
2012-10-04 21:26 ` [ 27/33] IB/srp: Fix use-after-free in srp_reset_req() Greg Kroah-Hartman
2012-10-04 21:26 ` [ 28/33] IB/srp: Avoid having aborted requests hang Greg Kroah-Hartman
2012-10-04 21:26 ` [ 29/33] isci: fix isci_pci_probe() generates warning on efi failure path Greg Kroah-Hartman
2012-10-04 21:26 ` [ 30/33] x86/alternatives: Fix p6 nops on non-modular kernels Greg Kroah-Hartman
2012-10-04 21:26 ` [Qemu-devel] " Greg Kroah-Hartman
2012-10-04 21:26 ` [ 31/33] PCI: honor child buses add_size in hot plug configuration Greg Kroah-Hartman
2012-10-04 21:26 ` [ 32/33] SCSI: scsi_remove_target: fix softlockup regression on hot remove Greg Kroah-Hartman
2012-10-04 21:26 ` [ 33/33] SCSI: scsi_dh_alua: Enable STPG for unavailable ports Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121004210600.709118485@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alan@linux.intel.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=fengwei.yin@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=russ.gorby@intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.