5.4-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 31 Mar 2024 11:04:16 +0000 (13:04 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 31 Mar 2024 11:04:16 +0000 (13:04 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 31 Mar 2024 11:04:16 +0000 (13:04 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 31 Mar 2024 11:04:16 +0000 (13:04 +0200)
diff --git a/queue-5.4/series b/queue-5.4/series

index 4d9a86270254562a576f972925ecd8e97882a0d8..4a6a8624c1421d5fa61f5a572243fb000d1136d8 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -114,3 +114,4 @@ wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-vlan-changes.patch
  exec-fix-nommu-linux_binprm-exec-in-transfer_args_to_stack.patch
  mmc-core-initialize-mmc_blk_ioc_data.patch
  mmc-core-avoid-negative-index-with-array-access.patch
+usb-cdc-wdm-close-race-between-read-and-workqueue.patch
diff --git a/queue-5.4/usb-cdc-wdm-close-race-between-read-and-workqueue.patch b/queue-5.4/usb-cdc-wdm-close-race-between-read-and-workqueue.patch

new file mode 100644 (file)

index 0000000..12337ef
--- /dev/null
+++ b/queue-5.4/usb-cdc-wdm-close-race-between-read-and-workqueue.patch
@@ -0,0 +1,47 @@
+From 339f83612f3a569b194680768b22bf113c26a29d Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneukum@suse.com>
+Date: Thu, 14 Mar 2024 12:50:48 +0100
+Subject: usb: cdc-wdm: close race between read and workqueue
+
+From: Oliver Neukum <oneukum@suse.com>
+
+commit 339f83612f3a569b194680768b22bf113c26a29d upstream.
+
+wdm_read() cannot race with itself. However, in
+service_outstanding_interrupt() it can race with the
+workqueue, which can be triggered by error handling.
+
+Hence we need to make sure that the WDM_RESPONDING
+flag is not just only set but tested.
+
+Fixes: afba937e540c9 ("USB: CDC WDM driver")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+Link: https://lore.kernel.org/r/20240314115132.3907-1-oneukum@suse.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/class/cdc-wdm.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/class/cdc-wdm.c
++++ b/drivers/usb/class/cdc-wdm.c
+@@ -471,6 +471,7 @@ out_free_mem:
+ static int service_outstanding_interrupt(struct wdm_device *desc)
+ {
+       int rv = 0;
++      int used;
+ 
+       /* submit read urb only if the device is waiting for it */
+       if (!desc->resp_count || !--desc->resp_count)
+@@ -485,7 +486,10 @@ static int service_outstanding_interrupt
+               goto out;
+       }
+ 
+-      set_bit(WDM_RESPONDING, &desc->flags);
++      used = test_and_set_bit(WDM_RESPONDING, &desc->flags);
++      if (used)
++              goto out;
++
+       spin_unlock_irq(&desc->iuspin);
+       rv = usb_submit_urb(desc->response, GFP_KERNEL);
+       spin_lock_irq(&desc->iuspin);
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 31 Mar 2024 11:04:16 +0000 (13:04 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 31 Mar 2024 11:04:16 +0000 (13:04 +0200)
queue-5.4/series		patch \| blob \| blame \| history
queue-5.4/usb-cdc-wdm-close-race-between-read-and-workqueue.patch	[new file with mode: 0644]	patch \| blob