| Message ID | 1437fea1a8e1ca2c00870451197611df29c1a7ac.1551253561.git.mirq-linux@rere.qmqm.pl (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | usb: gadget: u_serial: console for multiple ports | expand |
On Wed, Feb 27, 2019 at 08:48:56AM +0100, Michał Mirosław wrote: > gserial_alloc_line() misses locking (for a release barrier) while > resetting port entry on TTY allocation failure. Fix this. > > Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> > --- > drivers/usb/gadget/function/u_serial.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c > index 65f634ec7fc2..bb1e2e1d0076 100644 > --- a/drivers/usb/gadget/function/u_serial.c > +++ b/drivers/usb/gadget/function/u_serial.c > @@ -1239,8 +1239,10 @@ int gserial_alloc_line(unsigned char *line_num) > __func__, port_num, PTR_ERR(tty_dev)); > > ret = PTR_ERR(tty_dev); > + mutex_lock(&ports[port_num].lock); > port = ports[port_num].port; > ports[port_num].port = NULL; > + mutex_unlock(&ports[port_num].lock); > gserial_free_port(port); > goto err; > } Should this be backported to stable kernels to resolve this issue? thanks, greg k-h
On Wed, Feb 27, 2019 at 09:41:07AM +0100, Greg Kroah-Hartman wrote: > On Wed, Feb 27, 2019 at 08:48:56AM +0100, Michał Mirosław wrote: > > gserial_alloc_line() misses locking (for a release barrier) while > > resetting port entry on TTY allocation failure. Fix this. > > > > Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> > > --- > > drivers/usb/gadget/function/u_serial.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c > > index 65f634ec7fc2..bb1e2e1d0076 100644 > > --- a/drivers/usb/gadget/function/u_serial.c > > +++ b/drivers/usb/gadget/function/u_serial.c > > @@ -1239,8 +1239,10 @@ int gserial_alloc_line(unsigned char *line_num) > > __func__, port_num, PTR_ERR(tty_dev)); > > > > ret = PTR_ERR(tty_dev); > > + mutex_lock(&ports[port_num].lock); > > port = ports[port_num].port; > > ports[port_num].port = NULL; > > + mutex_unlock(&ports[port_num].lock); > > gserial_free_port(port); > > goto err; > > } > > Should this be backported to stable kernels to resolve this issue? This code has been there for ages and the failure case is rather obscure, but I guess it won't hurt to fix it. Best Regards, Michał Mirosław
diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index 65f634ec7fc2..bb1e2e1d0076 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -1239,8 +1239,10 @@ int gserial_alloc_line(unsigned char *line_num) __func__, port_num, PTR_ERR(tty_dev)); ret = PTR_ERR(tty_dev); + mutex_lock(&ports[port_num].lock); port = ports[port_num].port; ports[port_num].port = NULL; + mutex_unlock(&ports[port_num].lock); gserial_free_port(port); goto err; }
gserial_alloc_line() misses locking (for a release barrier) while resetting port entry on TTY allocation failure. Fix this. Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> --- drivers/usb/gadget/function/u_serial.c | 2 ++ 1 file changed, 2 insertions(+)