USB: serial: fix missing locking on fifo in write callback

On errors the fifo was reset without any locking. This could race with
write which do kfifo_put and perhaps also chars_in_buffer and write_room.

Every other access to the fifo is protected using the port lock so
better add it to the error path as well.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c
index 8f78d7b..2a3196a 100644 (file)
--- a/drivers/usb/serial/generic.c
+++ b/drivers/usb/serial/generic.c
@@ -519,10 +519,13 @@ void usb_serial_generic_write_bulk_callback(struct urb *urb)
                port->write_urb_busy = 0;
                spin_unlock_irqrestore(&port->lock, flags);
 
-               if (status)
+               if (status) {
+                       spin_lock_irqsave(&port->lock, flags);
                        kfifo_reset_out(&port->write_fifo);
-               else
+                       spin_unlock_irqrestore(&port->lock, flags);
+               } else {
                        usb_serial_generic_write_start(port);
+               }
        }
 
        if (status)