On Wed, Feb 27, 2019 at 09:41:07AM +0100, Greg Kroah-Hartman wrote: > On Wed, Feb 27, 2019 at 08:48:56AM +0100, Michał Mirosław wrote: > > gserial_alloc_line() misses locking (for a release barrier) while > > resetting port entry on TTY allocation failure. Fix this. > > > > Signed-off-by: Michał Mirosław <mirq-linux@xxxxxxxxxxxx> > > --- > > drivers/usb/gadget/function/u_serial.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c > > index 65f634ec7fc2..bb1e2e1d0076 100644 > > --- a/drivers/usb/gadget/function/u_serial.c > > +++ b/drivers/usb/gadget/function/u_serial.c > > @@ -1239,8 +1239,10 @@ int gserial_alloc_line(unsigned char *line_num) > > __func__, port_num, PTR_ERR(tty_dev)); > > > > ret = PTR_ERR(tty_dev); > > + mutex_lock(&ports[port_num].lock); > > port = ports[port_num].port; > > ports[port_num].port = NULL; > > + mutex_unlock(&ports[port_num].lock); > > gserial_free_port(port); > > goto err; > > } > > Should this be backported to stable kernels to resolve this issue? This code has been there for ages and the failure case is rather obscure, but I guess it won't hurt to fix it. Best Regards, Michał Mirosław
