3.2-stable patches
authorGreg Kroah-Hartman <gregkh@suse.de>
Tue, 10 Jan 2012 18:25:23 +0000 (10:25 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Tue, 10 Jan 2012 18:25:23 +0000 (10:25 -0800)
added patches:
usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch

queue-3.2/series
queue-3.2/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch [new file with mode: 0644]

index 358401b996df388302174f6811b38423236e8785..565c760f42b8a6b2dd51e7204e8820d8c1f718f6 100644 (file)
@@ -45,3 +45,4 @@ usb-ch9-fix-up-maxstreams-helper.patch
 igmp-avoid-zero-delay-when-receiving-odd-mixture-of-igmp-queries.patch
 asix-fix-infinite-loop-in-rx_fixup.patch
 bonding-fix-error-handling-if-slave-is-busy-v2.patch
+usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
diff --git a/queue-3.2/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch b/queue-3.2/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
new file mode 100644 (file)
index 0000000..563892f
--- /dev/null
@@ -0,0 +1,63 @@
+From thilo@ginkel.com  Tue Jan 10 10:21:14 2012
+From: Thilo-Alexander Ginkel <thilo@ginkel.com>
+Date: Sat, 17 Dec 2011 10:55:10 +0100
+Subject: usb: cdc-acm: Fix acm_tty_hangup() vs. acm_tty_close() race
+To: oliver@neukum.name, gregkh@suse.de
+Cc: jhovold@gmail.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, Thilo-Alexander Ginkel <thilo@ginkel.com>
+Message-ID: <1324115710-14756-1-git-send-email-thilo@ginkel.com>
+
+From: Thilo-Alexander Ginkel <thilo@ginkel.com>
+
+[Not upstream as it was fixed differently for 3.3 with a much more
+"intrusive" rework of the driver - gregkh]
+
+There is a race condition involving acm_tty_hangup() and acm_tty_close()
+where hangup() would attempt to access tty->driver_data without proper
+locking and NULL checking after close() has potentially already set it
+to NULL.  One possibility to (sporadically) trigger this behavior is to
+perform a suspend/resume cycle with a running WWAN data connection.
+
+This patch addresses the issue by introducing a NULL check for
+tty->driver_data in acm_tty_hangup() protected by open_mutex and exiting
+gracefully when hangup() is invoked on a device that has already been
+closed.
+
+Signed-off-by: Thilo-Alexander Ginkel <thilo@ginkel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ drivers/usb/class/cdc-acm.c |   12 ++++++++++--
+ 1 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
+index a8078d0..97f2e58 100644
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -554,10 +554,18 @@ static void acm_port_down(struct acm *acm)
+ static void acm_tty_hangup(struct tty_struct *tty)
+ {
+-      struct acm *acm = tty->driver_data;
+-      tty_port_hangup(&acm->port);
++      struct acm *acm;
++
+       mutex_lock(&open_mutex);
++      acm = tty->driver_data;
++
++      if (!acm)
++              goto out;
++
++      tty_port_hangup(&acm->port);
+       acm_port_down(acm);
++
++out:
+       mutex_unlock(&open_mutex);
+ }
+-- 
+1.7.5.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-usb" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
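Review bot: The NULL check added to acm_tty_hangup() in the embedded cdc-acm.c hunk is only sound if every path that clears tty->driver_data does so with open_mutex held; the changelog implies this for acm_tty_close(), but that function is not shown here, so it should be confirmed. A comment above the load would record the invariant for later readers, e.g. `/* driver_data is cleared by acm_tty_close(); only read it with open_mutex held */`. tty_port_hangup() now runs inside open_mutex where it previously ran before the lock was taken, so it is worth confirming that nothing it calls re-acquires open_mutex. The check covers the reported NULL dereference; whether the acm object itself stays allocated until the mutex is released cannot be told from this hunk.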