USB: fix usb-serial generic recursive lock

Nobody should be using the generic usb-serial for anything other than
testing. Still, it's not a good thing that it's easy to lock up. There
is a traceback from NMI oopser here:
https://bugzilla.redhat.com/show_bug.cgi?id=431379

But in short, if a line discipline has a chance to echo anything, input
can loop back a write method. So, don't call tty_flip_buffer_push from
under a lock taken on write path.

Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
index 97fa3c4..7cfce9d 100644
--- a/drivers/usb/serial/generic.c
+++ b/drivers/usb/serial/generic.c
@@ -323,7 +323,7 @@
room = tty_buffer_request_room(tty, urb->actual_length);
if (room) {
tty_insert_flip_string(tty, urb->transfer_buffer, room);
- tty_flip_buffer_push(tty); /* is this allowed from an URB callback ? */
+ tty_flip_buffer_push(tty);
}
}
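Review bot: The open question on the `tty_flip_buffer_push(tty);` line is deleted without recording its answer, so the locking rule this fix depends on now lives only in the commit message. Consider replacing the old comment with a short one stating that this call can loop back into the write method when the line discipline echoes, and so must not be made with port->lock held. That gives the next person who touches flush_and_resubmit_read_urb() a visible reason not to wrap it in the lock again.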
@@ -349,10 +349,12 @@
/* Throttle the device if requested by tty */
spin_lock_irqsave(&port->lock, flags);
- if (!(port->throttled = port->throttle_req))
- /* Handle data and continue reading from device */
+ if (!(port->throttled = port->throttle_req)) {
+ spin_unlock_irqrestore(&port->lock, flags);
flush_and_resubmit_read_urb(port);
- spin_unlock_irqrestore(&port->lock, flags);
+ } else {
+ spin_unlock_irqrestore(&port->lock, flags);
+ }
}
EXPORT_SYMBOL_GPL(usb_serial_generic_read_bulk_callback);
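Review bot: In the `if (!(port->throttled = port->throttle_req)) {` block, the unlock is now duplicated in both arms and the assignment is still buried in the condition, which makes the lock scope harder to audit than it needs to be. Doing the assignment under the lock, copying the result to a local, calling `spin_unlock_irqrestore(&port->lock, flags);` once, and then testing the local before `flush_and_resubmit_read_urb(port);` gives the same behaviour with a single unlock site. Two smaller points: the throttle decision is now acted on after the lock is dropped, so a line saying that a throttle request arriving in that window is tolerated would help, and the removed "Handle data and continue reading from device" comment could stay on the call.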