* [PATCH 1/2] USB: cdc-acm: fix racy tty buffer accesses
[not found] <20210929090937.7410-1-johan@kernel.org>
@ 2021-09-29 9:09 ` Johan Hovold
2021-09-30 9:04 ` Oliver Neukum
2021-09-29 9:09 ` [PATCH 2/2] USB: cdc-acm: fix break reporting Johan Hovold
1 sibling, 1 reply; 4+ messages in thread
From: Johan Hovold @ 2021-09-29 9:09 UTC (permalink / raw)
To: Oliver Neukum, Greg Kroah-Hartman
Cc: linux-usb, linux-kernel, Johan Hovold, stable
A recent change that started reporting break events to the line
discipline caused the tty-buffer insertions to no longer be serialised
by inserting events also from the completion handler for the interrupt
endpoint.
Completion calls for distinct endpoints are not guaranteed to be
serialised. For example, in case a host-controller driver uses
bottom-half completion, the interrupt and bulk-in completion handlers
can end up running in parallel on two CPUs (high-and low-prio tasklets,
respectively) thereby breaking the tty layer's single producer
assumption.
Fix this by holding the read lock also when inserting characters from
the bulk endpoint.
Fixes: 08dff274edda ("cdc-acm: fix BREAK rx code path adding necessary calls")
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
---
drivers/usb/class/cdc-acm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 4e2f1552f4b7..c7a1736720e7 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -475,11 +475,16 @@ static int acm_submit_read_urbs(struct acm *acm, gfp_t mem_flags)
static void acm_process_read_urb(struct acm *acm, struct urb *urb)
{
+ unsigned long flags;
+
if (!urb->actual_length)
return;
+ spin_lock_irqsave(&acm->read_lock, flags);
tty_insert_flip_string(&acm->port, urb->transfer_buffer,
urb->actual_length);
+ spin_unlock_irqrestore(&acm->read_lock, flags);
+
tty_flip_buffer_push(&acm->port);
}
--
2.32.0
^ permalink raw reply related [flat|nested] 4+ messages in thread* [PATCH 2/2] USB: cdc-acm: fix break reporting
[not found] <20210929090937.7410-1-johan@kernel.org>
2021-09-29 9:09 ` [PATCH 1/2] USB: cdc-acm: fix racy tty buffer accesses Johan Hovold
@ 2021-09-29 9:09 ` Johan Hovold
2021-09-30 9:05 ` Oliver Neukum
1 sibling, 1 reply; 4+ messages in thread
From: Johan Hovold @ 2021-09-29 9:09 UTC (permalink / raw)
To: Oliver Neukum, Greg Kroah-Hartman
Cc: linux-usb, linux-kernel, Johan Hovold, stable
A recent change that started reporting break events forgot to push the
event to the line discipline, which meant that a detected break would
not be reported until further characters had been receive (the port
could even have been closed and reopened in between).
Fixes: 08dff274edda ("cdc-acm: fix BREAK rx code path adding necessary calls")
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
---
drivers/usb/class/cdc-acm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index c7a1736720e7..7b2e2420ecae 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -340,6 +340,9 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf)
acm->iocount.overrun++;
spin_unlock_irqrestore(&acm->read_lock, flags);
+ if (newctrl & ACM_CTRL_BRK)
+ tty_flip_buffer_push(&acm->port);
+
if (difference)
wake_up_all(&acm->wioctl);
--
2.32.0
^ permalink raw reply related [flat|nested] 4+ messages in thread