Commit 860e41a7 authored by Oliver Neukum's avatar Oliver Neukum Committed by Greg Kroah-Hartman

usb: cdc-wdm: Fix race between write and disconnect

Unify mutexes to fix a race between write and disconnect
and shift the test for disconnection to always report it.
Signed-off-by: default avatarOliver Neukum <neukum@b1-systems.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent aa471456
...@@ -87,9 +87,7 @@ struct wdm_device { ...@@ -87,9 +87,7 @@ struct wdm_device {
int count; int count;
dma_addr_t shandle; dma_addr_t shandle;
dma_addr_t ihandle; dma_addr_t ihandle;
struct mutex wlock; struct mutex lock;
struct mutex rlock;
struct mutex plock;
wait_queue_head_t wait; wait_queue_head_t wait;
struct work_struct rxwork; struct work_struct rxwork;
int werr; int werr;
...@@ -305,14 +303,38 @@ static ssize_t wdm_write ...@@ -305,14 +303,38 @@ static ssize_t wdm_write
if (we < 0) if (we < 0)
return -EIO; return -EIO;
r = mutex_lock_interruptible(&desc->wlock); /* concurrent writes */ desc->outbuf = buf = kmalloc(count, GFP_KERNEL);
if (!buf) {
rv = -ENOMEM;
goto outnl;
}
r = copy_from_user(buf, buffer, count);
if (r > 0) {
kfree(buf);
rv = -EFAULT;
goto outnl;
}
/* concurrent writes and disconnect */
r = mutex_lock_interruptible(&desc->lock);
rv = -ERESTARTSYS; rv = -ERESTARTSYS;
if (r) if (r) {
kfree(buf);
goto outnl; goto outnl;
}
if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
kfree(buf);
rv = -ENODEV;
goto outnp;
}
r = usb_autopm_get_interface(desc->intf); r = usb_autopm_get_interface(desc->intf);
if (r < 0) if (r < 0) {
kfree(buf);
goto outnp; goto outnp;
}
if (!file->f_flags && O_NONBLOCK) if (!file->f_flags && O_NONBLOCK)
r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE, r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
...@@ -320,24 +342,8 @@ static ssize_t wdm_write ...@@ -320,24 +342,8 @@ static ssize_t wdm_write
else else
if (test_bit(WDM_IN_USE, &desc->flags)) if (test_bit(WDM_IN_USE, &desc->flags))
r = -EAGAIN; r = -EAGAIN;
if (r < 0) if (r < 0) {
goto out;
if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
rv = -ENODEV;
goto out;
}
desc->outbuf = buf = kmalloc(count, GFP_KERNEL);
if (!buf) {
rv = -ENOMEM;
goto out;
}
r = copy_from_user(buf, buffer, count);
if (r > 0) {
kfree(buf); kfree(buf);
rv = -EFAULT;
goto out; goto out;
} }
...@@ -374,7 +380,7 @@ static ssize_t wdm_write ...@@ -374,7 +380,7 @@ static ssize_t wdm_write
out: out:
usb_autopm_put_interface(desc->intf); usb_autopm_put_interface(desc->intf);
outnp: outnp:
mutex_unlock(&desc->wlock); mutex_unlock(&desc->lock);
outnl: outnl:
return rv < 0 ? rv : count; return rv < 0 ? rv : count;
} }
...@@ -387,7 +393,7 @@ static ssize_t wdm_read ...@@ -387,7 +393,7 @@ static ssize_t wdm_read
struct wdm_device *desc = file->private_data; struct wdm_device *desc = file->private_data;
rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */ rv = mutex_lock_interruptible(&desc->lock); /*concurrent reads */
if (rv < 0) if (rv < 0)
return -ERESTARTSYS; return -ERESTARTSYS;
...@@ -465,7 +471,7 @@ retry: ...@@ -465,7 +471,7 @@ retry:
rv = cntr; rv = cntr;
err: err:
mutex_unlock(&desc->rlock); mutex_unlock(&desc->lock);
if (rv < 0 && rv != -EAGAIN) if (rv < 0 && rv != -EAGAIN)
dev_err(&desc->intf->dev, "wdm_read: exit error\n"); dev_err(&desc->intf->dev, "wdm_read: exit error\n");
return rv; return rv;
...@@ -533,7 +539,7 @@ static int wdm_open(struct inode *inode, struct file *file) ...@@ -533,7 +539,7 @@ static int wdm_open(struct inode *inode, struct file *file)
} }
intf->needs_remote_wakeup = 1; intf->needs_remote_wakeup = 1;
mutex_lock(&desc->plock); mutex_lock(&desc->lock);
if (!desc->count++) { if (!desc->count++) {
rv = usb_submit_urb(desc->validity, GFP_KERNEL); rv = usb_submit_urb(desc->validity, GFP_KERNEL);
if (rv < 0) { if (rv < 0) {
...@@ -544,7 +550,7 @@ static int wdm_open(struct inode *inode, struct file *file) ...@@ -544,7 +550,7 @@ static int wdm_open(struct inode *inode, struct file *file)
} else { } else {
rv = 0; rv = 0;
} }
mutex_unlock(&desc->plock); mutex_unlock(&desc->lock);
usb_autopm_put_interface(desc->intf); usb_autopm_put_interface(desc->intf);
out: out:
mutex_unlock(&wdm_mutex); mutex_unlock(&wdm_mutex);
...@@ -556,9 +562,9 @@ static int wdm_release(struct inode *inode, struct file *file) ...@@ -556,9 +562,9 @@ static int wdm_release(struct inode *inode, struct file *file)
struct wdm_device *desc = file->private_data; struct wdm_device *desc = file->private_data;
mutex_lock(&wdm_mutex); mutex_lock(&wdm_mutex);
mutex_lock(&desc->plock); mutex_lock(&desc->lock);
desc->count--; desc->count--;
mutex_unlock(&desc->plock); mutex_unlock(&desc->lock);
if (!desc->count) { if (!desc->count) {
dev_dbg(&desc->intf->dev, "wdm_release: cleanup"); dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
...@@ -655,9 +661,7 @@ next_desc: ...@@ -655,9 +661,7 @@ next_desc:
desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL); desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
if (!desc) if (!desc)
goto out; goto out;
mutex_init(&desc->wlock); mutex_init(&desc->lock);
mutex_init(&desc->rlock);
mutex_init(&desc->plock);
spin_lock_init(&desc->iuspin); spin_lock_init(&desc->iuspin);
init_waitqueue_head(&desc->wait); init_waitqueue_head(&desc->wait);
desc->wMaxCommand = maxcom; desc->wMaxCommand = maxcom;
...@@ -772,7 +776,9 @@ static void wdm_disconnect(struct usb_interface *intf) ...@@ -772,7 +776,9 @@ static void wdm_disconnect(struct usb_interface *intf)
clear_bit(WDM_IN_USE, &desc->flags); clear_bit(WDM_IN_USE, &desc->flags);
spin_unlock_irqrestore(&desc->iuspin, flags); spin_unlock_irqrestore(&desc->iuspin, flags);
cancel_work_sync(&desc->rxwork); cancel_work_sync(&desc->rxwork);
mutex_lock(&desc->lock);
kill_urbs(desc); kill_urbs(desc);
mutex_unlock(&desc->lock);
wake_up_all(&desc->wait); wake_up_all(&desc->wait);
if (!desc->count) if (!desc->count)
cleanup(desc); cleanup(desc);
...@@ -786,7 +792,7 @@ static int wdm_suspend(struct usb_interface *intf, pm_message_t message) ...@@ -786,7 +792,7 @@ static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor); dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
mutex_lock(&desc->plock); mutex_lock(&desc->lock);
#ifdef CONFIG_PM #ifdef CONFIG_PM
if ((message.event & PM_EVENT_AUTO) && if ((message.event & PM_EVENT_AUTO) &&
test_bit(WDM_IN_USE, &desc->flags)) { test_bit(WDM_IN_USE, &desc->flags)) {
...@@ -798,7 +804,7 @@ static int wdm_suspend(struct usb_interface *intf, pm_message_t message) ...@@ -798,7 +804,7 @@ static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
#ifdef CONFIG_PM #ifdef CONFIG_PM
} }
#endif #endif
mutex_unlock(&desc->plock); mutex_unlock(&desc->lock);
return rv; return rv;
} }
...@@ -821,9 +827,9 @@ static int wdm_resume(struct usb_interface *intf) ...@@ -821,9 +827,9 @@ static int wdm_resume(struct usb_interface *intf)
int rv; int rv;
dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor); dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
mutex_lock(&desc->plock); mutex_lock(&desc->lock);
rv = recover_from_urb_loss(desc); rv = recover_from_urb_loss(desc);
mutex_unlock(&desc->plock); mutex_unlock(&desc->lock);
return rv; return rv;
} }
...@@ -831,7 +837,7 @@ static int wdm_pre_reset(struct usb_interface *intf) ...@@ -831,7 +837,7 @@ static int wdm_pre_reset(struct usb_interface *intf)
{ {
struct wdm_device *desc = usb_get_intfdata(intf); struct wdm_device *desc = usb_get_intfdata(intf);
mutex_lock(&desc->plock); mutex_lock(&desc->lock);
return 0; return 0;
} }
...@@ -841,7 +847,7 @@ static int wdm_post_reset(struct usb_interface *intf) ...@@ -841,7 +847,7 @@ static int wdm_post_reset(struct usb_interface *intf)
int rv; int rv;
rv = recover_from_urb_loss(desc); rv = recover_from_urb_loss(desc);
mutex_unlock(&desc->plock); mutex_unlock(&desc->lock);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment