This is a note to let you know that I've just added the patch titled
cdc-acm: fix race between reset and control messaging
to the 4.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
cdc-acm-fix-race-between-reset-and-control-messaging.patch
and it can be found in the queue-4.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 9397940ed812b942c520e0c25ed4b2c64d57e8b9 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@xxxxxxxx>
Date: Thu, 4 Oct 2018 15:49:06 +0200
Subject: cdc-acm: fix race between reset and control messaging
From: Oliver Neukum <oneukum@xxxxxxxx>
commit 9397940ed812b942c520e0c25ed4b2c64d57e8b9 upstream.
If a device splits up a control message and a reset() happens
between the parts, the message is lost and already recieved parts
must be dropped.
Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
Fixes: 1aba579f3cf51 ("cdc-acm: handle read pipe errors")
Cc: stable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/usb/class/cdc-acm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1641,6 +1641,7 @@ static int acm_pre_reset(struct usb_inte
struct acm *acm = usb_get_intfdata(intf);
clear_bit(EVENT_RX_STALL, &acm->flags);
+ acm->nb_index = 0; /* pending control transfers are lost */
return 0;
}
Patches currently in stable-queue which might be from oneukum@xxxxxxxx are
queue-4.18/cdc-acm-correct-counting-of-uart-states-in-serial-state-notification.patch
queue-4.18/cdc-acm-fix-race-between-reset-and-control-messaging.patch
queue-4.18/usb-fix-the-usbfs-flag-sanitization-for-control-transfers.patch
queue-4.18/cdc-acm-do-not-reset-notification-buffer-index-upon-urb-unlinking.patch
