USB: last abuses of intfdata in close for usb-serial drivers
authorOliver Neukum <oliver@neukum.org>
Wed, 23 Jan 2008 11:28:45 +0000 (12:28 +0100)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 1 Feb 2008 22:35:05 +0000 (14:35 -0800)
these drivers abused intfdata in close() as flags for binding.
That races with reprobing of those devices. This patch fixes that by using
the flag and the locks introduced with the patch against mos7720.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/usb/serial/digi_acceleport.c
drivers/usb/serial/oti6858.c
drivers/usb/serial/pl2303.c
drivers/usb/serial/ti_usb_3410_5052.c

index ae410c4678ea697abe9f62a435a5aca73f87490e..5f9c6e46bee5712effaed0346d7ae5a31e305d60 100644 (file)
@@ -1405,19 +1405,19 @@ static void digi_close(struct usb_serial_port *port, struct file *filp)
        unsigned char buf[32];
        struct tty_struct *tty = port->tty;
        struct digi_port *priv = usb_get_serial_port_data(port);
-       unsigned long flags = 0;
 
        dbg("digi_close: TOP: port=%d, open_count=%d",
                priv->dp_port_num, port->open_count);
 
+       mutex_lock(&port->serial->disc_mutex);
        /* if disconnected, just clear flags */
-       if (!usb_get_intfdata(port->serial->interface))
+       if (port->serial->disconnected)
                goto exit;
 
        /* do cleanup only after final close on this port */
-       spin_lock_irqsave(&priv->dp_port_lock, flags);
+       spin_lock_irq(&priv->dp_port_lock);
        priv->dp_in_close = 1;
-       spin_unlock_irqrestore(&priv->dp_port_lock, flags);
+       spin_unlock_irq(&priv->dp_port_lock);
 
        /* tell line discipline to process only XON/XOFF */
        tty->closing = 1;
@@ -1482,11 +1482,12 @@ static void digi_close(struct usb_serial_port *port, struct file *filp)
        }
        tty->closing = 0;
 exit:
-       spin_lock_irqsave(&priv->dp_port_lock, flags);
+       spin_lock_irq(&priv->dp_port_lock);
        priv->dp_write_urb_in_use = 0;
        priv->dp_in_close = 0;
        wake_up_interruptible(&priv->dp_close_wait);
-       spin_unlock_irqrestore(&priv->dp_port_lock, flags);
+       spin_unlock_irq(&priv->dp_port_lock);
+       mutex_unlock(&port->serial->disc_mutex);
        dbg("digi_close: done");
 }
 
index db725aaf7d19ebb19509e4115efef1a2bf1e237e..a3847d6c946eac309fe899b8698cdb34bbe29276 100644 (file)
@@ -649,7 +649,7 @@ static void oti6858_close(struct usb_serial_port *port, struct file *filp)
                set_current_state(TASK_INTERRUPTIBLE);
                if (oti6858_buf_data_avail(priv->buf) == 0
                || timeout == 0 || signal_pending(current)
-               || !usb_get_intfdata(port->serial->interface))  /* disconnect */
+               || port->serial->disconnected)
                        break;
                spin_unlock_irqrestore(&priv->lock, flags);
                timeout = schedule_timeout(timeout);
index ac3d8765f4829e2dd8ebb3256b15d45ae1e4d01e..ae3ec1a64008b65e2b10f4a95152ea74e6c23729 100644 (file)
@@ -667,7 +667,7 @@ static void pl2303_close(struct usb_serial_port *port, struct file *filp)
                set_current_state(TASK_INTERRUPTIBLE);
                if (pl2303_buf_data_avail(priv->buf) == 0 ||
                    timeout == 0 || signal_pending(current) ||
-                   !usb_get_intfdata(port->serial->interface)) /* disconnect */
+                   port->serial->disconnected)
                        break;
                spin_unlock_irqrestore(&priv->lock, flags);
                timeout = schedule_timeout(timeout);
index 70f56c8aef9949b347efd249123ddf0dba287578..b517f93352ec414d8ee52258b5965868ea2fb5f2 100644 (file)
@@ -1493,11 +1493,10 @@ static void ti_drain(struct ti_port *tport, unsigned long timeout, int flush)
        struct ti_device *tdev = tport->tp_tdev;
        struct usb_serial_port *port = tport->tp_port;
        wait_queue_t wait;
-       unsigned long flags;
 
        dbg("%s - port %d", __FUNCTION__, port->number);
 
-       spin_lock_irqsave(&tport->tp_lock, flags);
+       spin_lock_irq(&tport->tp_lock);
 
        /* wait for data to drain from the buffer */
        tdev->td_urb_error = 0;
@@ -1508,11 +1507,11 @@ static void ti_drain(struct ti_port *tport, unsigned long timeout, int flush)
                if (ti_buf_data_avail(tport->tp_write_buf) == 0
                || timeout == 0 || signal_pending(current)
                || tdev->td_urb_error
-               || !usb_get_intfdata(port->serial->interface))  /* disconnect */
+               || port->serial->disconnected)  /* disconnect */
                        break;
-               spin_unlock_irqrestore(&tport->tp_lock, flags);
+               spin_unlock_irq(&tport->tp_lock);
                timeout = schedule_timeout(timeout);
-               spin_lock_irqsave(&tport->tp_lock, flags);
+               spin_lock_irq(&tport->tp_lock);
        }
        set_current_state(TASK_RUNNING);
        remove_wait_queue(&tport->tp_write_wait, &wait);
@@ -1521,19 +1520,23 @@ static void ti_drain(struct ti_port *tport, unsigned long timeout, int flush)
        if (flush)
                ti_buf_clear(tport->tp_write_buf);
 
-       spin_unlock_irqrestore(&tport->tp_lock, flags);
+       spin_unlock_irq(&tport->tp_lock);
 
+       mutex_lock(&port->serial->disc_mutex);
        /* wait for data to drain from the device */
        /* wait for empty tx register, plus 20 ms */
        timeout += jiffies;
        tport->tp_lsr &= ~TI_LSR_TX_EMPTY;
        while ((long)(jiffies - timeout) < 0 && !signal_pending(current)
        && !(tport->tp_lsr&TI_LSR_TX_EMPTY) && !tdev->td_urb_error
-       && usb_get_intfdata(port->serial->interface)) {  /* not disconnected */
+       && !port->serial->disconnected) {
                if (ti_get_lsr(tport))
                        break;
+               mutex_unlock(&port->serial->disc_mutex);
                msleep_interruptible(20);
+               mutex_lock(&port->serial->disc_mutex);
        }
+       mutex_unlock(&port->serial->disc_mutex);
 }