USB: cdc-acm: fix double usb_autopm_put_interface() in acm_port_activate()
authorAlexey Khoroshilov <khoroshilov@ispras.ru>
Fri, 11 Apr 2014 22:10:45 +0000 (02:10 +0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 16 Apr 2014 20:56:08 +0000 (13:56 -0700)
If acm_submit_read_urbs() fails in acm_port_activate(), error handling
code calls usb_autopm_put_interface() while it is already called
before acm_submit_read_urbs(). The patch reorganizes error handling code
to avoid double decrement of USB interface's PM-usage counter.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/class/cdc-acm.c

index 900f7ff805eef548f5b5d79ce16c5fe1f4663a09..d5d2c922186afb4021c5cbb112967bd9c3acead4 100644 (file)
@@ -518,13 +518,16 @@ static int acm_port_activate(struct tty_port *port, struct tty_struct *tty)
        if (usb_submit_urb(acm->ctrlurb, GFP_KERNEL)) {
                dev_err(&acm->control->dev,
                        "%s - usb_submit_urb(ctrl irq) failed\n", __func__);
+               usb_autopm_put_interface(acm->control);
                goto error_submit_urb;
        }
 
        acm->ctrlout = ACM_CTRL_DTR | ACM_CTRL_RTS;
        if (acm_set_control(acm, acm->ctrlout) < 0 &&
-           (acm->ctrl_caps & USB_CDC_CAP_LINE))
+           (acm->ctrl_caps & USB_CDC_CAP_LINE)) {
+               usb_autopm_put_interface(acm->control);
                goto error_set_control;
+       }
 
        usb_autopm_put_interface(acm->control);
 
@@ -549,7 +552,6 @@ error_submit_read_urbs:
 error_set_control:
        usb_kill_urb(acm->ctrlurb);
 error_submit_urb:
-       usb_autopm_put_interface(acm->control);
 error_get_interface:
 disconnected:
        mutex_unlock(&acm->mutex);