3.16.74-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@xxxxxxx>
commit 36e59e0d70d6150e7a2155c54612ea875e88ce8d upstream.
Abn URB may be may marked free only after the buffer has been
processed or there is a small window during which it could
be submitted on another CPU and overwrite an unprocessed buffer
Signed-off-by: Oliver Neukum <oneukum@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
drivers/usb/class/cdc-acm.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -419,19 +419,21 @@ static void acm_read_bulk_callback(struc
struct acm_rb *rb = urb->context;
struct acm *acm = rb->instance;
unsigned long flags;
+ int status = urb->status;
dev_vdbg(&acm->data->dev, "%s - urb %d, len %d\n", __func__,
rb->index, urb->actual_length);
- set_bit(rb->index, &acm->read_urbs_free);
if (!acm->dev) {
+ set_bit(rb->index, &acm->read_urbs_free);
dev_dbg(&acm->data->dev, "%s - disconnected\n", __func__);
return;
}
if (urb->status) {
+ set_bit(rb->index, &acm->read_urbs_free);
dev_dbg(&acm->data->dev, "%s - non-zero urb status: %d\n",
- __func__, urb->status);
+ __func__, status);
if ((urb->status != -ENOENT) || (urb->actual_length == 0))
return;
}
@@ -439,6 +441,12 @@ static void acm_read_bulk_callback(struc
usb_mark_last_busy(acm->dev);
acm_process_read_urb(acm, urb);
+ /*
+ * Unthrottle may run on another CPU which needs to see events
+ * in the same order. Submission has an implict barrier
+ */
+ smp_mb__before_atomic();
+ set_bit(rb->index, &acm->read_urbs_free);
/* throttle device if requested by tty */
spin_lock_irqsave(&acm->read_lock, flags);
