USB: usb_wwan: fix urb leak at shutdown

commit 79eed03e77d481b55d85d1cfe5a1636a0d3897fd upstream.

The delayed-write queue was never emptied at shutdown (close), something
which could lead to leaked urbs if the port is closed before being
runtime resumed due to a write.

When this happens the output buffer would not drain on close
(closing_wait timeout), and after consecutive opens, writes could be
corrupted with previously buffered data, transfered with reduced
throughput or completely blocked.

Note that unbusy_queued_urb() was simply moved out of CONFIG_PM.

Fixes: 383cedc3bb43 ("USB: serial: full autosuspend support for the
option driver")

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[bwh: Backported to 3.2: adjust indentation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c
index bb2a713..f6b996e 100644 (file)
--- a/drivers/usb/serial/usb_wwan.c
+++ b/drivers/usb/serial/usb_wwan.c
@@ -434,12 +434,26 @@ int usb_wwan_open(struct tty_struct *tty, struct usb_serial_port *port)
 }
 EXPORT_SYMBOL(usb_wwan_open);
 
+static void unbusy_queued_urb(struct urb *urb,
+                                       struct usb_wwan_port_private *portdata)
+{
+       int i;
+
+       for (i = 0; i < N_OUT_URB; i++) {
+               if (urb == portdata->out_urbs[i]) {
+                       clear_bit(i, &portdata->out_busy);
+                       break;
+               }
+       }
+}
+
 void usb_wwan_close(struct usb_serial_port *port)
 {
        int i;
        struct usb_serial *serial = port->serial;
        struct usb_wwan_port_private *portdata;
        struct usb_wwan_intf_private *intfdata = port->serial->private;
+       struct urb *urb;
 
        dbg("%s", __func__);
        portdata = usb_get_serial_port_data(port);
@@ -450,6 +464,14 @@ void usb_wwan_close(struct usb_serial_port *port)
                portdata->opened = 0;
                spin_unlock_irq(&intfdata->susp_lock);
 
+               for (;;) {
+                       urb = usb_get_from_anchor(&portdata->delayed);
+                       if (!urb)
+                               break;
+                       unbusy_queued_urb(urb, portdata);
+                       usb_autopm_put_interface_async(serial->interface);
+               }
+
                for (i = 0; i < N_IN_URB; i++)
                        usb_kill_urb(portdata->in_urbs[i]);
                for (i = 0; i < N_OUT_URB; i++)
@@ -666,18 +688,6 @@ int usb_wwan_suspend(struct usb_serial *serial, pm_message_t message)
 }
 EXPORT_SYMBOL(usb_wwan_suspend);
 
-static void unbusy_queued_urb(struct urb *urb, struct usb_wwan_port_private *portdata)
-{
-       int i;
-
-       for (i = 0; i < N_OUT_URB; i++) {
-               if (urb == portdata->out_urbs[i]) {
-                       clear_bit(i, &portdata->out_busy);
-                       break;
-               }
-       }
-}
-
 static void play_delayed(struct usb_serial_port *port)
 {
        struct usb_wwan_intf_private *data;