asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/drivers
History
Johan Hovold 18e6f30276 USB: cdc-acm: fix unthrottle races 
commit 764478f41130f1b8d8057575b89e69980a0f600d upstream.

Fix two long-standing bugs which could potentially lead to memory
corruption or leave the port throttled until it is reopened (on weakly
ordered systems), respectively, when read-URB completion races with
unthrottle().

First, the URB must not be marked as free before processing is complete
to prevent it from being submitted by unthrottle() on another CPU.

	CPU 1				CPU 2
	================		================
	complete()			unthrottle()
	  process_urb();
	  smp_mb__before_atomic();
	  set_bit(i, free);		  if (test_and_clear_bit(i, free))
						  submit_urb();

Second, the URB must be marked as free before checking the throttled
flag to prevent unthrottle() on another CPU from failing to observe that
the URB needs to be submitted if complete() sees that the throttled flag
is set.

	CPU 1				CPU 2
	================		================
	complete()			unthrottle()
	  set_bit(i, free);		  throttled = 0;
	  smp_mb__after_atomic();	  smp_mb();
	  if (throttled)		  if (test_and_clear_bit(i, free))
		  return;			  submit_urb();

Note that test_and_clear_bit() only implies barriers when the test is
successful. To handle the case where the URB is still in use an explicit
barrier needs to be added to unthrottle() for the second race condition.

Also note that the first race was fixed by 36e59e0d70 ("cdc-acm: fix
race between callback and unthrottle") back in 2015, but the bug was
reintroduced a year later.

Fixes: 1aba579f3c ("cdc-acm: handle read pipe errors")
Fixes: 088c64f812 ("USB: cdc-acm: re-write read processing")
Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-10 17:54:10 +02:00
..
accessibility
acpi Revert "ACPICA: Clear status of GPEs before enabling them" 2019-05-04 09:20:10 +02:00
amba
android binder: fix handling of misaligned binder object 2019-05-02 09:58:56 +02:00
ata libata: fix using DMA buffers on stack 2019-05-04 09:20:21 +02:00
atm atm: he: fix sign-extension overflow on large shift 2019-02-27 10:08:57 +01:00
auxdisplay auxdisplay: hd44780: Fix memory leak on ->remove() 2019-04-20 09:15:55 +02:00
base mm: hide incomplete nr_indirectly_reclaimable in sysfs 2019-04-20 09:16:05 +02:00
bcma
block virtio-blk: limit number of hw queues by nr_cpu_ids 2019-05-10 17:54:09 +02:00
bluetooth Bluetooth: mediatek: fix up an error path to restore bdev->tx_state 2019-05-08 07:21:52 +02:00
bus
cdrom cdrom: Fix race condition in cdrom_sysctl_register 2019-04-05 22:33:10 +02:00
char tpm: Fix the type of the return value in calc_tpm2_event_size() 2019-04-27 09:36:40 +02:00
clk clk: meson-gxbb: round the vdec dividers to closest 2019-05-10 17:54:06 +02:00
clocksource clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability 2019-03-23 20:09:58 +01:00
connector connector: fix unsafe usage of ->real_parent 2019-03-19 13:12:38 +01:00
cpufreq cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies 2019-04-05 22:33:03 +02:00
cpuidle cpuidle: big.LITTLE: fix refcount leak 2019-02-12 19:47:08 +01:00
crypto crypto: axis - fix for recursive locking from bottom half 2019-04-20 09:16:04 +02:00
dax mm, devm_memremap_pages: fix shutdown handling 2019-01-13 09:51:04 +01:00
dca
devfreq
dio
dma dmaengine: sh: rcar-dmac: Fix glitch in dmaengine_tx_status 2019-05-02 09:58:55 +02:00
dma-buf
edac EDAC, skx_edac: Fix logical channel intermediate decoding 2018-11-13 11:08:44 -08:00
eisa
extcon
firewire
firmware efi: Fix debugobjects warning on 'efi_rts_work' 2019-05-08 07:21:44 +02:00
fmc
fpga fpga: altera-cvp: fix 'bad IO access' on x86_64 2019-02-12 19:46:59 +01:00
fsi fsi: master-ast-cf: select GENERIC_ALLOCATOR 2018-12-17 09:24:35 +01:00
gnss gnss: sirf: fix premature wakeup interrupt enable 2019-03-10 07:17:21 +01:00
gpio gpio: mxc: add check to return defer probe if clock tree NOT ready 2019-05-08 07:21:53 +02:00
gpu drm/mediatek: fix possible object reference leak 2019-05-10 17:54:09 +02:00
hid HID: input: add mapping for Assistant key 2019-05-08 07:21:49 +02:00
hsi
hv Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() 2019-05-10 17:54:04 +02:00
hwmon hwmon: (w83773g) Select REGMAP_I2C to fix build error 2019-04-17 08:38:47 +02:00
hwspinlock
hwtracing intel_th: gth: Fix an off-by-one in output unassigning 2019-05-02 09:58:56 +02:00
i2c i2c: i2c-stm32f7: Fix SDADEL minimum formula 2019-05-08 07:21:55 +02:00
ide ide: fix a typo in the settings proc file name 2019-01-31 08:14:42 +01:00
idle
iio io: accel: kxcjk1013: restore the range after resume. 2019-04-27 09:36:35 +02:00
infiniband RDMA/hns: Fix bug that caused srq creation to fail 2019-05-10 17:54:09 +02:00
input Input: stmfts - acknowledge that setting brightness is a blocking call 2019-05-08 07:21:53 +02:00
iommu iommu/amd: Set exclusion range correctly 2019-05-10 17:54:10 +02:00
ipack
irqchip irqchip/mbigen: Don't clear eventid when freeing an MSI 2019-04-20 09:15:59 +02:00
isdn mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S 2019-04-03 06:26:16 +02:00
leds leds: trigger: netdev: use memcpy in device_name_store 2019-05-04 09:20:22 +02:00
lightnvm lightnvm: pblk: add lock protection to list operations 2019-02-12 19:47:08 +01:00
macintosh
mailbox mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue 2019-03-23 20:09:49 +01:00
mcb
md dm integrity: fix deadlock with overlapping I/O 2019-04-17 08:38:54 +02:00
media media: v4l2: i2c: ov7670: Fix PLL bypass register values 2019-05-08 07:21:55 +02:00
memory
memstick memstick: Prevent memstick host from getting runtime suspended during card detection 2019-02-12 19:47:10 +01:00
message
mfd mfd: twl-core: Disable IRQ while suspended 2019-05-08 07:21:48 +02:00
misc lkdtm: Add tests for NULL pointer dereference 2019-04-20 09:16:04 +02:00
mmc mmc: sdhci: Handle auto-command errors 2019-04-27 09:36:39 +02:00
mtd mtd: rawnand: gpmi: fix MX28 bus master lockup problem 2019-02-15 08:10:10 +01:00
mux mux: adgs1408: use the correct MODULE_LICENSE 2018-10-12 17:36:39 +02:00
net net: stmmac: Use bfsize1 in ndesc_init_rx_desc 2019-05-10 17:54:04 +02:00
nfc NFC: nfcmrvl_uart: fix OF child-node lookup 2018-11-13 11:08:48 -08:00
ntb
nubus
nvdimm libnvdimm: Fix altmap reservation size calculation 2019-03-23 20:09:53 +01:00
nvme nvme-fc: correct csn initialization and increments on error 2019-05-10 17:54:09 +02:00
nvmem nvmem: check the return value of nvmem_add_cells() 2018-11-13 11:08:35 -08:00
of of: overlay: do not duplicate properties from overlay for new nodes 2019-02-06 17:30:16 +01:00
opp OPP: Use opp_table->regulators to verify no regulator case 2019-02-12 19:47:08 +01:00
oprofile
parisc
parport parport_pc: fix find_superio io compare code, should use equal test. 2019-03-23 20:10:05 +01:00
pci PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe ports 2019-04-20 09:16:04 +02:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-13 11:08:17 -08:00
perf perf/aux: Make perf_event accessible to setup_aux() 2019-04-05 22:33:11 +02:00
phy phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs 2019-04-03 06:26:27 +02:00
pinctrl pinctrl: core: make sure strcmp() doesn't get a null parameter 2019-04-20 09:16:01 +02:00
platform platform/x86: pmc_atom: Drop __initconst on dmi table 2019-05-10 17:54:09 +02:00
pnp
power power: supply: charger-manager: Fix incorrect return value 2019-03-27 14:14:43 +09:00
powercap
pps
ps3
ptp ptp: Fix pass zero to ERR_PTR() in ptp_clock_register 2019-02-12 19:47:01 +01:00
pwm
rapidio
ras
regulator regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting 2019-04-05 22:33:15 +02:00
remoteproc remoteproc: qcom: q6v5: Propagate EPROBE_DEFER 2018-11-13 11:08:52 -08:00
reset reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev 2019-05-08 07:21:47 +02:00
rpmsg rpmsg: smd: fix memory leak on channel create 2018-11-13 11:08:55 -08:00
rtc rtc: da9063: set uie_unsupported when relevant 2019-05-08 07:21:49 +02:00
s390 scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN 2019-05-04 09:20:21 +02:00
sbus drivers/sbus/char: add of_node_put() 2018-12-21 14:15:17 +01:00
scsi scsi: csiostor: fix missing data copy in csio_scsi_err_handler() 2019-05-10 17:54:09 +02:00
sfi
sh
siox
slimbus slimbus: ngd: mark PM functions as __maybe_unused 2018-12-19 19:19:49 +01:00
sn
soc soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() 2019-04-20 09:16:03 +02:00
soundwire
spi spi: pxa2xx: Setup maximum supported DMA transfer length 2019-03-23 20:09:57 +01:00
spmi
ssb
staging staging: most: cdev: fix chrdev_region leak in mod_exit 2019-05-10 17:54:05 +02:00
target scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock 2019-03-23 20:09:59 +01:00
tc TC: Set DMA masks for devices 2018-11-13 11:08:51 -08:00
tee tee: optee: avoid possible double list_del() 2019-02-12 19:47:08 +01:00
thermal thermal/intel_powerclamp: fix truncated kthread name 2019-04-20 09:15:56 +02:00
thunderbolt thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-12-17 09:24:36 +01:00
tty serial: ar933x_uart: Fix build failure with disabled console 2019-05-04 09:20:13 +02:00
uio uio: Fix an Oops on load 2018-11-27 16:13:09 +01:00
usb USB: cdc-acm: fix unthrottle races 2019-05-10 17:54:10 +02:00
uwb
vfio vfio/pci: use correct format characters 2019-05-08 07:21:49 +02:00
vhost vhost: reject zero size iova range 2019-04-27 09:36:31 +02:00
video backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state 2019-04-05 22:33:13 +02:00
virt vbox: fix link error with 'gcc -Og' 2019-02-12 19:46:59 +01:00
virtio virtio_pci: fix a NULL pointer reference in vp_del_vqs 2019-05-10 17:54:08 +02:00
visorbus
vlynq
vme
w1 USB: w1 ds2490: Fix bug caused by improper use of altsetting array 2019-05-08 07:21:43 +02:00
watchdog watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem 2019-02-27 10:08:52 +01:00
xen fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-05-08 07:21:51 +02:00
zorro
Kconfig
Makefile