Commit Graph

230 Commits

Author SHA1 Message Date
Oliver Neukum
2ad9d544f2 cdc-acm: hardening against malicious devices
This should fix the last holes against malicious devices
still open in cdc-acm. It cannot go into stable due to
the introduction of the common parser.
The fix for stable already merged also covers the problems this patch
fixes.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-21 09:48:27 +02:00
Oliver Neukum
efbe27b3cf cdc-acm: cleaning up debug in data submission path
Further cleanup making the debug messages more precise, useful
and removing mere trace points.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-13 17:24:24 +02:00
Oliver Neukum
46e75075ba cdc-acm: cleanup debugging in submission path
Actually make it retutn useful information.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-13 17:24:24 +02:00
Oliver Neukum
ab57f86198 cdc-acm: delete obsolete debug messages
Some debug messages merely provide a function trace without
additional debug data. They predate ftrace and can be replaced
by it. Drop them without replacement.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-09 14:13:24 +02:00
Gavin Li
add125054b cdc-acm: fix wrong pipe type on rx interrupt xfers
This fixes the "BOGUS urb xfer" warning logged by usb_submit_urb().

Signed-off-by: Gavin Li <git@thegavinli.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-15 16:30:56 +02:00
Oliver Neukum
cb42b63d89 cdc-acm: beautify probe()
This removes some overly long lines by renaming variables and giving
them local scope.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-07-18 08:46:57 -07:00
Oliver Neukum
6dd3587f51 cdc-acm: cleanup error handling
A small update to unify error handling during probe().

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-07-18 08:46:57 -07:00
Oliver Neukum
eccf2a4e6b cdc-acm: use the common parser
This introduces the common parser for extra CDC headers now that it no longer
depends on usbnet.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-07-18 08:46:57 -07:00
Sandhya Bankar
a092a16b14 usb: cdc-acm: Space prohibited before close parenthesis ')'.
Space prohibited before close parenthesis ')'.

Signed-off-by: Sandhya Bankar <bankarsandhya512@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-06-07 22:18:39 -07:00
Peter Hurley
d41861ca19 tty: Replace ASYNC_INITIALIZED bit and update atomically
Replace ASYNC_INITIALIZED bit in the tty_port::flags field with
TTY_PORT_INITIALIZED bit in the tty_port::iflags field. Introduce helpers
tty_port_set_initialized() and tty_port_initialized() to abstract
atomic bit ops.

Note: the transforms for test_and_set_bit() and test_and_clear_bit()
are unnecessary as the state transitions are already mutually exclusive;
the tty lock prevents concurrent open/close/hangup.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-04-30 09:26:55 -07:00
Oliver Neukum
2a14759a03 cdc-acm: fix crash if flushed with nothing buffered
Under some circumstances acm_tty_flush_chars() is called
with no buffer to flush. We simply need to do nothing.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-04-13 11:53:07 -07:00
Oliver Neukum
8835ba4a39 USB: cdc-acm: more sanity checking
An attack has become available which pretends to be a quirky
device circumventing normal sanity checks and crashes the kernel
by an insufficient number of interfaces. This patch adds a check
to the code path for quirky devices.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-18 09:19:02 -07:00
Oliver Neukum
a81cf9799a cdc-acm: implement put_char() and flush_chars()
This should cut down latencies and waste if the tty layer writes single bytes.

Signed-off-by: Oliver Neukum >oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-02-14 17:06:43 -08:00
Oliver Neukum
e912e685f3 cdc-acm:exclude Samsung phone 04e8:685d
This phone needs to be handled by a specialised firmware tool
and is reported to crash irrevocably if cdc-acm takes it.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-01-24 21:06:21 -08:00
Lu Baolu
ffdb1e369a usb: cdc-acm: send zero packet for intel 7260 modem
For Intel 7260 modem, it is needed for host side to send zero
packet if the BULK OUT size is equal to USB endpoint max packet
length. Otherwise, modem side may still wait for more data and
cannot give response to host side.

Signed-off-by: Konrad Leszczynski <konrad.leszczynski@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-01-24 21:06:21 -08:00
Lu Baolu
19454462ac usb: cdc-acm: handle unlinked urb in acm read callback
In current acm driver, the bulk-in callback function ignores the
URBs unlinked in usb core.

This causes unexpected data loss in some cases. For example,
runtime suspend entry will unlinked all urbs and set urb->status
to -ENOENT even those urbs might have data not processed yet.
Hence, data loss occurs.

This patch lets bulk-in callback function handle unlinked urbs
to avoid data loss.

Signed-off-by: Tang Jian Qiang <jianqiang.tang@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Cc: stable@vger.kernel.org
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-01-24 21:06:21 -08:00
Jonas Jonsson
f33a7f72e5 USB: cdc_acm: Ignore Infineon Flash Loader utility
Some modems, such as the Telit UE910, are using an Infineon Flash Loader
utility. It has two interfaces, 2/2/0 (Abstract Modem) and 10/0/0 (CDC
Data). The latter can be used as a serial interface to upgrade the
firmware of the modem. However, that isn't possible when the cdc-acm
driver takes control of the device.

The following is an explanation of the behaviour by Daniele Palmas during
discussion on linux-usb.

"This is what happens when the device is turned on (without modifying
the drivers):

[155492.352031] usb 1-3: new high-speed USB device number 27 using ehci-pci
[155492.485429] usb 1-3: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[155492.485436] usb 1-3: New USB device found, idVendor=058b, idProduct=0041
[155492.485439] usb 1-3: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[155492.485952] cdc_acm 1-3:1.0: ttyACM0: USB ACM device

This is the flashing device that is caught by the cdc-acm driver. Once
the ttyACM appears, the application starts sending a magic string
(simple write on the file descriptor) to keep the device in flashing
mode. If this magic string is not properly received in a certain time
interval, the modem goes on in normal operative mode:

[155493.748094] usb 1-3: USB disconnect, device number 27
[155494.916025] usb 1-3: new high-speed USB device number 28 using ehci-pci
[155495.059978] usb 1-3: New USB device found, idVendor=1bc7, idProduct=0021
[155495.059983] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[155495.059986] usb 1-3: Product: 6 CDC-ACM + 1 CDC-ECM
[155495.059989] usb 1-3: Manufacturer: Telit
[155495.059992] usb 1-3: SerialNumber: 359658044004697
[155495.138958] cdc_acm 1-3:1.0: ttyACM0: USB ACM device
[155495.140832] cdc_acm 1-3:1.2: ttyACM1: USB ACM device
[155495.142827] cdc_acm 1-3:1.4: ttyACM2: USB ACM device
[155495.144462] cdc_acm 1-3:1.6: ttyACM3: USB ACM device
[155495.145967] cdc_acm 1-3:1.8: ttyACM4: USB ACM device
[155495.147588] cdc_acm 1-3:1.10: ttyACM5: USB ACM device
[155495.154322] cdc_ether 1-3:1.12 wwan0: register 'cdc_ether' at usb-0000:00:1a.7-3, Mobile Broadband Network Device, 00:00:11:12:13:14

Using the cdc-acm driver, the string, though being sent in the same way
than using the usb-serial-simple driver (I can confirm that the data is
passing properly since I used an hw usb sniffer), does not make the
device to stay in flashing mode."

Signed-off-by: Jonas Jonsson <jonas@ludd.ltu.se>
Tested-by: Daniele Palmas <dnlplm@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2015-11-23 10:31:05 +01:00
Johannes Thumshirn
91b725600d cdc-acm: Destroy acm_minors IDR on module exit
Destroy acm_minors IDR on module exit, reclaiming the allocated memory.

This was detected by the following semantic patch (written by Luis Rodriguez
<mcgrof@suse.com>)
<SmPL>
@ defines_module_init @
declarer name module_init, module_exit;
declarer name DEFINE_IDR;
identifier init;
@@

module_init(init);

@ defines_module_exit @
identifier exit;
@@

module_exit(exit);

@ declares_idr depends on defines_module_init && defines_module_exit @
identifier idr;
@@

DEFINE_IDR(idr);

@ on_exit_calls_destroy depends on declares_idr && defines_module_exit @
identifier declares_idr.idr, defines_module_exit.exit;
@@

exit(void)
{
 ...
 idr_destroy(&idr);
 ...
}

@ missing_module_idr_destroy depends on declares_idr && defines_module_exit && !on_exit_calls_destroy @
identifier declares_idr.idr, defines_module_exit.exit;
@@

exit(void)
{
 ...
 +idr_destroy(&idr);
 }
</SmPL>

Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Oliver Neukum <oneukum@suse.com>
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-07-22 14:49:42 -07:00
Alexey Sokolov
15bf722e6f cdc-acm: Add support of ATOL FPrint fiscal printers
ATOL FPrint fiscal printers require usb_clear_halt to be executed
to work properly. Add quirk to fix the issue.

Signed-off-by: Alexey Sokolov <sokolov@7pikes.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-06-08 14:01:13 -07:00
Fabian Frederick
2cfef79ddc cdc-acm: use swap() in acm_probe()
Use kernel.h macro definition.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-24 09:30:07 -07:00
Johan Hovold
6cb4f4df68 USB: cdc-acm: use idr to manage minor numbers
Use the idr-interface rather than a static table to manage minor-number
allocations.

This allows us to easily switch over to fully dynamic minor allocations
when the TTY-layer can handle that.

Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-24 09:30:03 -07:00
Quentin Casasnovas
0d3bba0287 cdc-acm: prevent infinite loop when parsing CDC headers.
Phil and I found out a problem with commit:

  7e860a6e7a ("cdc-acm: add sanity checks")

It added some sanity checks to ignore potential garbage in CDC headers but
also introduced a potential infinite loop.  This can happen at the first
loop iteration (elength = 0 in that case) if the description isn't a
DT_CS_INTERFACE or later if 'buffer[0]' is zero.

It should also be noted that the wrong length was being added to 'buffer'
in case 'buffer[1]' was not a DT_CS_INTERFACE descriptor, since elength was
assigned after that check in the loop.

A specially crafted USB device could be used to trigger this infinite loop.

Fixes: 7e860a6e7a ("cdc-acm: add sanity checks")
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
CC: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: Adam Lee <adam8157@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-04-28 12:53:16 +02:00
Oliver Neukum
4132cd02db cdc-acm: convert to not directly using urb->status
A step on the road to passing status as a parameter

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-03-26 10:51:56 +01:00
Oliver Neukum
6c8074e90c cdc-acm: surpress misleading message
During the entry intro suspend a misleading message can be
printed. Surpress it by checking the specific error.

Signed-off-by: Oliver Neukum <oneukum@suse.de>0
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-03-26 10:51:56 +01:00
Oliver Neukum
36e59e0d70 cdc-acm: fix race between callback and unthrottle
Abn URB may be may marked free only after the buffer has been
processed or there is a small window during which it could
be submitted on another CPU and overwrite an unprocessed buffer

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-03-26 10:50:52 +01:00
Björn Gerhart
b20b1618b8 cdc-acm: Add support for Denso cradle CU-321
In order to support an older USB cradle by Denso, I added its vendor- and product-ID to the array of usb_device_id acm_ids. In this way cdc-acm feels responsible for this cradle. The related /dev/ttyACM node is being created properly, and the data transfer works.

However, later cradle models by Denso do have proper descriptors, so the patch is not required for these. At the same time both the older and the later model have the same vendor- and product-ID, but they both work with the patched driver.

Declaration of the Denso cradles I tested:
- both models have the same IDs: vendorID 0x076d, productID 0x0006
- older model: Denso CU-321 (descriptors not properly set)
- later model: Denso CU-821 (with proper descriptors)

Signed-off-by: Bjoern Gerhart <oss@airbjorn.de>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-02-24 08:38:47 -08:00
Oliver Neukum
17136d4984 cdc-acm: kill unnecessary messages
Memory allocation failures are reported by a central facility.
No need to repeat the job.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-31 08:58:39 -08:00
Oliver Neukum
7e860a6e7a cdc-acm: add sanity checks
Check the special CDC headers for a plausible minimum length.
Another big operating systems ignores such garbage.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
CC: stable@vger.kernel.org
Reviewed-by: Adam Lee <adam8157@gmail.com>
Tested-by: Adam Lee <adam8157@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-31 08:58:38 -08:00
Greg Kroah-Hartman
403dff4e2c USB: cdc-acm: check for valid interfaces
We need to check that we have both a valid data and control inteface for both
types of headers (union and not union.)

References: https://bugzilla.kernel.org/show_bug.cgi?id=83551
Reported-by: Simon Schubert <2+kernel@0x2c.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-24 17:21:42 -08:00
Oliver Neukum
d908f8478a cdc-acm: memory leak in error case
If probe() fails not only the attributes need to be removed
but also the memory freed.

Reported-by: Ahmed Tamrawi <ahmedtamrawi@gmail.com>
Signed-off-by: Oliver Neukum <oneukum@suse.de>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-24 17:21:41 -08:00
Greg Kroah-Hartman
69b7290e51 Merge 3.18-rc4 into usb-next.
This resolves a conflict in drivers/usb/host/Kconfig

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-10 12:10:24 +09:00
Johan Hovold
2a8cdfde92 USB: cdc-acm: add quirk for control-line state requests
Add new quirk for devices that cannot handle control-line state
requests.

Note that we currently send these requests to all devices, regardless of
whether they claim to support it, but that errors are only logged if
support is claimed.

Since commit 0943d8ead3 ("USB: cdc-acm: use tty-port dtr_rts"), which
only changed the timings for these requests slightly, this has been
reported to cause occasional firmware crashes on Simtec Electronics
Entropy Key devices after re-enumeration. Enable the quirk for this
device.

Reported-by: Nix <nix@esperi.org.uk>
Tested-by: Nix <nix@esperi.org.uk>
Cc: stable <stable@vger.kernel.org>	# v3.16
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-06 12:25:40 -08:00
Johan Hovold
4473d054ce USB: cdc-acm: only raise DTR on transitions from B0
Make sure to only raise DTR on transitions from B0 in set_termios.

Also allow set_termios to be called from open with a termios_old of
NULL. Note that DTR will not be raised prematurely in this case.

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-05 11:25:25 -08:00
Oliver Neukum
61fbe96c8b cdc-acm: Drop the warning for unusual capabilities
Let's drop the warning for modems with unusual capabilities,
the associated quirk and blacklist. They made little sense.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-03 15:30:13 -08:00
Jim Paris
24cb4502c9 cdc-acm: ensure that termios get set when the port is activated
The driver wasn't properly configuring the hardware for the current
termios settings under all conditions.  Ensure that termios are
written to the device when the port is activated.

Signed-off-by: Jim Paris <jim@jtan.com>
Reviewed-by: Johan Hovold <johan@kernel.org>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-03 15:26:15 -08:00
Johan Hovold
cf84a691a6 USB: cdc-acm: add device id for GW Instek AFG-2225
Add device-id entry for GW Instek AFG-2225, which has a byte swapped
bInterfaceSubClass (0x20).

Reported-by: Karl Palsson <karlp@tweak.net.au>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-03 15:26:15 -08:00
Johan Hovold
0943d8ead3 USB: cdc-acm: use tty-port dtr_rts
Add dtr_rts tty-port operation which implements proper DTR/RTS handling
(e.g. only lower DTR/RTS during shutdown if HUPCL is set).

Note that modem-control locking still needs to be added throughout the
driver.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:10 -07:00
Johan Hovold
308fee18e0 USB: cdc-acm: remove redundant usb_mark_last_busy
There's no need to call usb_mark_last_busy after having increased the PM
counter in write(). The device will be marked busy by USB core when the
PM counter is balanced in the completion handler.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:10 -07:00
Johan Hovold
4a8ee5059a USB: cdc-acm: do not update PM busy on read errors
There's no need to update the runtime PM last_busy field on read urb
errors (e.g. when the urb is being killed on shutdown).

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:10 -07:00
Johan Hovold
b1d42efc21 USB: cdc-acm: minimise no-suspend window during shutdown
Now that acm_set_control() handles runtime PM properly, the only
remaining reason for the PM operations in shutdown is to clear the
needs_remote_wakeup flag before the final put.

Note that this also means that we now need to grab the write_lock to
prevent racing with resume.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:10 -07:00
Johan Hovold
89e54e4468 USB: cdc-acm: remove redundant disconnected test from shutdown
Remove redundant disconnect test from shutdown(), which is never called
post disconnect() where we do synchronous hangup.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
bbf0cb3e93 USB: cdc-acm: simplify runtime PM locking
We can simply the runtime PM locking as there's no need to check the
susp_count in the read path (at least not since killing the rx tasklet).

Specifically, the read urbs will never be resubmitted by the completion
handler when killed during suspend.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
5292afa657 USB: cdc-acm: fix runtime PM imbalance at shutdown
Make sure only to decrement the PM counters if they were actually
incremented.

Note that the USB PM counter, but not necessarily the driver core PM
counter, is reset when the interface is unbound.

Fixes: 11ea859d64 ("USB: additional power savings for cdc-acm devices
that support remote wakeup")

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
e4c36076c2 USB: cdc-acm: fix I/O after failed open
Make sure to kill any already submitted read urbs on read-urb submission
failures in open in order to prevent doing I/O for a closed port.

Fixes: 088c64f812 ("USB: cdc-acm: re-write read processing")
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
8727bf689a USB: cdc-acm: fix failed open not being detected
Fix errors during open not being returned to userspace. Specifically,
failed control-line manipulations or control or read urb submissions
would not be detected.

Fixes: 7fb57a019f ("USB: cdc-acm: Fix potential deadlock (lockdep
warning)")

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
703df3297f USB: cdc-acm: fix open and suspend race
We must not do the usb_autopm_put_interface() before submitting the read
urbs or we might end up doing I/O to a suspended device.

Fixes: 088c64f812 ("USB: cdc-acm: re-write read processing")
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
183a45087d USB: cdc-acm: fix potential urb leak and PM imbalance in write
Make sure to check return value of autopm get in write() in order to
avoid urb leak and PM counter imbalance on errors.

Fixes: 11ea859d64 ("USB: additional power savings for cdc-acm devices
that support remote wakeup")

Cc: <stable@vger.kernel.org>	# v2.6.27
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
ed79707403 USB: cdc-acm: fix shutdown and suspend race
We should stop I/O unconditionally at suspend rather than rely on the
tty-port initialised flag (which is set prior to stopping I/O during
shutdown) in order to prevent suspend returning with URBs still active.

Fixes: 11ea859d64 ("USB: additional power savings for cdc-acm devices
that support remote wakeup")

Cc: <stable@vger.kernel.org>	# v2.6.27
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
bae3f4c535 USB: cdc-acm: fix runtime PM for control messages
Fix runtime PM handling of control messages by adding the required PM
counter operations.

Fixes: 11ea859d64 ("USB: additional power savings for cdc-acm devices
that support remote wakeup")

Cc: <stable@vger.kernel.org>	# v2.6.27
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00
Johan Hovold
140cb81ac8 USB: cdc-acm: fix broken runtime suspend
The current ACM runtime-suspend implementation is broken in several
ways:

Firstly, it buffers only the first write request being made while
suspended -- any further writes are silently dropped.

Secondly, writes being dropped also leak write urbs, which are never
reclaimed (until the device is unbound).

Thirdly, even the single buffered write is not cleared at shutdown
(which may happen before the device is resumed), something which can
lead to another urb leak as well as a PM usage-counter leak.

Fix this by implementing a delayed-write queue using urb anchors and
making sure to discard the queue properly at shutdown.

Fixes: 11ea859d64 ("USB: additional power savings for cdc-acm devices
that support remote wakeup")

Reported-by: Xiao Jin <jin.xiao@intel.com>
Cc: <stable@vger.kernel.org>	# v2.6.27
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-27 15:04:09 -07:00