Linux-USB Archive on lore.kernel.org
 help / color / Atom feed
From: Ladislav Michl <ladis@linux-mips.org>
To: linux-usb@vger.kernel.org, linux-serial@vger.kernel.org
Cc: "Felipe Balbi" <balbi@kernel.org>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Michał Mirosław" <mirq-linux@rere.qmqm.pl>
Subject: [PATCH v2 1/5] usb: gadget: u_serial: Fix console_req complete event race
Date: Sat, 13 Jul 2019 23:10:31 +0200
Message-ID: <20190713211031.GB25753@lenoch> (raw)
In-Reply-To: <20190713210853.GA25753@lenoch>

gs_complete_out might be called before con_lock following usb_ep_queue
is locked, which prevents any future output on the console. Fix that by
resetting req_busy only if usb_ep_queue fails. While there also put
variable access we are racing with connection/disconnection events
under con_lock as well.

Fixes: a5beaaf39455 ("usb: gadget: Add the console support for usb-to-serial port")
Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Changes:
 - v2: None

 drivers/usb/gadget/function/u_serial.c | 41 +++++++++++---------------
 1 file changed, 17 insertions(+), 24 deletions(-)

diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c
index 65f634ec7fc2..876af4085cea 100644
--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -984,47 +984,40 @@ static int gs_console_thread(void *data)
 	struct gs_port *port;
 	struct usb_request *req;
 	struct usb_ep *ep;
-	int xfer, ret, count, size;
+	int len, size, status;
 
+	spin_lock_irq(&info->con_lock);
 	do {
 		port = info->port;
-		set_current_state(TASK_INTERRUPTIBLE);
-		if (!port || !port->port_usb
-		    || !port->port_usb->in || !info->console_req)
+		if (!port || !port->port_usb || !info->console_req)
 			goto sched;
 
 		req = info->console_req;
 		ep = port->port_usb->in;
+		len = kfifo_len(&info->con_buf);
+		if (len > 0 && !info->req_busy) {
+			size = ep->maxpacket;
+			if (len < size)
+				size = len;
 
-		spin_lock_irq(&info->con_lock);
-		count = kfifo_len(&info->con_buf);
-		size = ep->maxpacket;
-
-		if (count > 0 && !info->req_busy) {
-			set_current_state(TASK_RUNNING);
-			if (count < size)
-				size = count;
-
-			xfer = kfifo_out(&info->con_buf, req->buf, size);
-			req->length = xfer;
-
-			spin_unlock(&info->con_lock);
-			ret = usb_ep_queue(ep, req, GFP_ATOMIC);
-			spin_lock(&info->con_lock);
-			if (ret < 0)
-				info->req_busy = 0;
-			else
-				info->req_busy = 1;
+			req->length = kfifo_out(&info->con_buf, req->buf, size);
+			info->req_busy = 1;
 
 			spin_unlock_irq(&info->con_lock);
+			status = usb_ep_queue(ep, req, GFP_ATOMIC);
+			spin_lock_irq(&info->con_lock);
+			if (status < 0)
+				info->req_busy = 0;
 		} else {
-			spin_unlock_irq(&info->con_lock);
 sched:
+			spin_unlock_irq(&info->con_lock);
 			if (kthread_should_stop()) {
 				set_current_state(TASK_RUNNING);
 				break;
 			}
 			schedule();
+			set_current_state(TASK_INTERRUPTIBLE);
+			spin_lock_irq(&info->con_lock);
 		}
 	} while (1);
 
-- 
2.22.0


  reply index

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-13 21:08 [PATCH v2 0/5] usb: gadget: u_serial: Fix and cleanup Ladislav Michl
2019-07-13 21:10 ` Ladislav Michl [this message]
2019-07-13 21:10 ` [PATCH v2 2/5] usb: gadget: u_serial: Remove console specific alloc/free req functions Ladislav Michl
2019-07-13 21:11 ` [PATCH v2 3/5] usb: gadget: u_serial: Fix console_req access race Ladislav Michl
2019-07-13 21:11 ` [PATCH v2 4/5] usb: gadget: u_serial: Fix starving write Ladislav Michl
2019-07-13 21:12 ` [PATCH v2 5/5] usb: gadget: u_serial: Use bool for req_busy Ladislav Michl
2019-07-14 10:04 ` [PATCH v2 0/5] usb: gadget: u_serial: Fix and cleanup Michał Mirosław
2019-07-14 11:37   ` Michał Mirosław
2019-07-14 13:22     ` Ladislav Michl
2019-07-15 10:40   ` Ladislav Michl

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190713211031.GB25753@lenoch \
    --to=ladis@linux-mips.org \
    --cc=balbi@kernel.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-serial@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=mirq-linux@rere.qmqm.pl \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-USB Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-usb/0 linux-usb/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-usb linux-usb/ https://lore.kernel.org/linux-usb \
		linux-usb@vger.kernel.org linux-usb@archiver.kernel.org
	public-inbox-index linux-usb


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-usb


AGPL code for this site: git clone https://public-inbox.org/ public-inbox