cdc-acm: fix race between reset and control messaging

commit 9397940ed812b942c520e0c25ed4b2c64d57e8b9 upstream.

If a device splits up a control message and a reset() happens
between the parts, the message is lost and already recieved parts
must be dropped.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Fixes: 1aba579f3cf51 ("cdc-acm: handle read pipe errors")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 5a703c33de1c9a89bc4df5ce5286a4b0a5173634..e41d00bc7e9749f4e2eb7a9d4ced034d65e23887 100644 (file)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1654,6 +1654,7 @@ static int acm_pre_reset(struct usb_interface *intf)
        struct acm *acm = usb_get_intfdata(intf);
 
        clear_bit(EVENT_RX_STALL, &acm->flags);
+       acm->nb_index = 0; /* pending control transfers are lost */
 
        return 0;
 }