diff mbox series

USB: class: CDC-ACM: fix race between get_serial and set_serial

Message ID 20240912141916.1044393-1-oneukum@suse.com (mailing list archive)
State Accepted
Commit b41c1fa155ba56d125885b0191aabaf3c508d0a3
Headers show
Series USB: class: CDC-ACM: fix race between get_serial and set_serial | expand

Commit Message

Oliver Neukum Sept. 12, 2024, 2:19 p.m. UTC
TIOCGSERIAL is an ioctl. Thus it must be atomic. It returns
two values. Racing with set_serial it can return an inconsistent
result. The mutex must be taken.

In terms of logic the bug is as old as the driver. In terms of
code it goes back to the conversion to the get_serial and
set_serial methods.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Fixes: 99f75a1fcd865 ("cdc-acm: switch to ->[sg]et_serial()")
---
 drivers/usb/class/cdc-acm.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 0c1b69d944ca..605fea461102 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -962,10 +962,12 @@  static int get_serial_info(struct tty_struct *tty, struct serial_struct *ss)
 	struct acm *acm = tty->driver_data;
 
 	ss->line = acm->minor;
+	mutex_lock(&acm->port.mutex);
 	ss->close_delay	= jiffies_to_msecs(acm->port.close_delay) / 10;
 	ss->closing_wait = acm->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ?
 				ASYNC_CLOSING_WAIT_NONE :
 				jiffies_to_msecs(acm->port.closing_wait) / 10;
+	mutex_unlock(&acm->port.mutex);
 	return 0;
 }