From: Johan Hovold on
On errors the fifo was reset without any locking. This could race with
write which do kfifo_put and perhaps also chars_in_buffer and write_room.

Every other access to the fifo is protected using the port lock so
better add it to the error path as well.

Signed-off-by: Johan Hovold <jhovold(a)gmail.com>
---
drivers/usb/serial/generic.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
index 8d6d790..d3ef69f 100644
--- a/drivers/usb/serial/generic.c
+++ b/drivers/usb/serial/generic.c
@@ -518,10 +518,13 @@ void usb_serial_generic_write_bulk_callback(struct urb *urb)
port->write_urb_busy = 0;
spin_unlock_irqrestore(&port->lock, flags);

- if (status)
+ if (status) {
+ spin_lock_irqsave(&port->lock, flags);
kfifo_reset_out(&port->write_fifo);
- else
+ spin_unlock_irqrestore(&port->lock, flags);
+ } else {
usb_serial_generic_write_start(port);
+ }
}

if (status)
--
1.7.0.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/