Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp538574pxb; Wed, 29 Sep 2021 04:45:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJykvnbEgz6Cx4J1aeGgivqLrqN+9lPIXO8JPM5MxiY7q//qdY39V+2atN7uptV6jcusikXb X-Received: by 2002:a05:6a00:26df:b0:44b:ae4a:92fe with SMTP id p31-20020a056a0026df00b0044bae4a92femr2867261pfw.42.1632915912364; Wed, 29 Sep 2021 04:45:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632915912; cv=none; d=google.com; s=arc-20160816; b=PcgdDSj9QpVrx2/hk3vopOLusq4stoG4N8rTVliYe3OpZjyVfLnyHwO9/gRrRDWSd9 wt1/GxIEKO/uQM0NSQkfbpN6UKhVJ/3k0qONRuXLRPja+EUWx7O5p3LCatkiLLKDZL+b ful7a4FPlPXHpvr3t2IZ2pscOCiO1duHWQnz6pMBp7a6HQZS8ptPyyTh7H+cOenBeIt6 yynjistK9B/4DPfRbpYIBlo/6Zj83tKXQN57CkXOVVYGHxym3kBag7aIYz4W7lDoyPVF vOMzFQ03CVfepJCfXxDW/DP7EvH0oyjW4qYpKOzZwYP69DOHHIGiguG0gISA9Kwu8tGl LsVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=qHan7WkSMPQhtmm5tGSQAQTdSofkqK3Ls8aO6XRdfgQ=; b=xRJZogAWkKQMxUwe4JXabuq3jjYu8fPJrCHX02wAPShHrHj8xb5zaGYdovHxrYGynw b+RMv00toHxMsleLcdU2tDWx+WIoNXonhHHzU0ApqiyRqka5Uk2DInew9plEQWjOJOdW FcimcsOj7w+CAuA2Uw4HVarIuOjoMOvaZQuBgbJ0dOwQ1twgFiRpMsp9VjFmnFON2Zvo dyOnww/QCIqA3XHng0VygATXHb9Q7/fhmv2mBCJ8K7vWIx68KJ/YYTmJafPQP2XjGyXd 2Cw28bIsOEU1STWMolRaeAm36MA4PzIIUzicWngtu679N9vySJPDZNQGR3/JCDCZBpaO xdOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="e/QOKfBP"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l16si2693077plg.100.2021.09.29.04.45.00; Wed, 29 Sep 2021 04:45:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="e/QOKfBP"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245009AbhI2JLt (ORCPT + 99 others); Wed, 29 Sep 2021 05:11:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:37434 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244987AbhI2JLp (ORCPT ); Wed, 29 Sep 2021 05:11:45 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A6F5A6140A; Wed, 29 Sep 2021 09:10:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1632906604; bh=HDZp98w3++Y5UWKDXkO1SJkLWJPyJ4G4ENH8NxQrItI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e/QOKfBPDMm1GTIUZOq6lIEhDEYxsIxTv41vm6VTc0aWrrW8UVrpY8L+jH3PztLqP 6AUIxsTQRTP5l0MkGuSUvrNgUd++2C6SjcjO0xcHZ0PsQCABqOyEKecLwGsu775B1j mI9EZr5jJPIR9+LkYAp7G8D5wdJfW2XVDec/vqgWhxBNFdsXqn0jpw/FWV74dak34E nwrPynNZxM1+oIF27cYQD8rTzt+DDPKpt1LnX09HiaFFzlpAbVNL+7U2E2VLiiqGlt o3/6WnxTxENhV33u2cGiA9uUKXfyfBy/C9ZbSaODX0+3QNwcRABrfiHjgMCF59crVL XPGfv7vPFrZIw== Received: from johan by xi.lan with local (Exim 4.94.2) (envelope-from ) id 1mVVbJ-0001wT-OP; Wed, 29 Sep 2021 11:10:05 +0200 From: Johan Hovold To: Oliver Neukum , Greg Kroah-Hartman Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, Johan Hovold , stable@vger.kernel.org Subject: [PATCH 1/2] USB: cdc-acm: fix racy tty buffer accesses Date: Wed, 29 Sep 2021 11:09:36 +0200 Message-Id: <20210929090937.7410-2-johan@kernel.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210929090937.7410-1-johan@kernel.org> References: <20210929090937.7410-1-johan@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A recent change that started reporting break events to the line discipline caused the tty-buffer insertions to no longer be serialised by inserting events also from the completion handler for the interrupt endpoint. Completion calls for distinct endpoints are not guaranteed to be serialised. For example, in case a host-controller driver uses bottom-half completion, the interrupt and bulk-in completion handlers can end up running in parallel on two CPUs (high-and low-prio tasklets, respectively) thereby breaking the tty layer's single producer assumption. Fix this by holding the read lock also when inserting characters from the bulk endpoint. Fixes: 08dff274edda ("cdc-acm: fix BREAK rx code path adding necessary calls") Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold --- drivers/usb/class/cdc-acm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 4e2f1552f4b7..c7a1736720e7 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -475,11 +475,16 @@ static int acm_submit_read_urbs(struct acm *acm, gfp_t mem_flags) static void acm_process_read_urb(struct acm *acm, struct urb *urb) { + unsigned long flags; + if (!urb->actual_length) return; + spin_lock_irqsave(&acm->read_lock, flags); tty_insert_flip_string(&acm->port, urb->transfer_buffer, urb->actual_length); + spin_unlock_irqrestore(&acm->read_lock, flags); + tty_flip_buffer_push(&acm->port); } -- 2.32.0