Re: USB disconnect -> kernel panic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 03, 2012 at 08:09:03PM -0700, Bdale Garbee wrote:
> On Tue, 3 Jan 2012 15:58:47 -0800, Greg KH <greg@xxxxxxxxx> wrote:
> > On Mon, Jan 02, 2012 at 10:22:55AM -0800, Sarah Sharp wrote:
> > > On Sat, Dec 24, 2011 at 03:32:26PM -0700, Bdale Garbee wrote:
> > > > Hi Sarah!  Merry Christmas!
> > > > 
> > > > I've been working on another production run of Altus Metrum products
> > > > today, and in the process of flashing and calibrating a pile of our
> > > > TeleDongle units, I've been seeing sporadic kernel panics when
> > > > unplugging them from my notebook USB.  Has now happened three times this
> > > > morning. 
> > > > 
> > > > I'm running 3.1.6 now, but I saw this under 3.1.5 too, at least once.
> > > > The notebook is an HP 2540p.
> > > > 
> > > > Keith suggested I send you the attached photo of my screen showing the
> > > > panic info. 
> > > 
> > > It's somewhere in the tty layer, and doesn't look USB related.  I think
> > > Greg KH is the tty maintainer right now, so you might want to ask him.
> > 
> > We've had some cdc_acm driver problems in the past, but I thought they
> > were all resolved.  3.1.3 should have fixed those problems.  We have
> > some more cleanups queued up for 3.3, but nothing that should be fixing
> > something like this.
> > 
> > Oliver, any thoughts about this (see the original post on linux-usb for
> > the crash dump.)
> 
> For what it's worth, it happened to me again today running 3.2.0-rc7.  I
> didn't bother photographing the screen again, though I'm happy to do
> that if it'll help.

Ok, can you try the patch below and let me know if it solves the problem
or not?

thanks,

greg k-h

-------------------
From: Thilo-Alexander Ginkel <thilo@xxxxxxxxxx>
Subject: usb: cdc-acm: Fix acm_tty_hangup() vs.  acm_tty_close() race

There is a race condition involving acm_tty_hangup() and acm_tty_close() where
hangup() would attempt to access tty->driver_data without proper locking and
NULL checking after close() has potentially already set it to NULL.
One possibility to (sporadically) trigger this behavior is to perform a
suspend/resume cycle with a running WWAN data connection.

This patch addresses the issue by introducing a NULL check for
tty->driver_data in acm_tty_hangup() protected by open_mutex and exiting
gracefully when hangup() is invoked on a device that has already been closed.

Signed-off-by: Thilo-Alexander Ginkel <thilo@xxxxxxxxxx>
---
 drivers/usb/class/cdc-acm.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index a8078d0..97f2e58 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -554,10 +554,18 @@ static void acm_port_down(struct acm *acm)
 
 static void acm_tty_hangup(struct tty_struct *tty)
 {
-	struct acm *acm = tty->driver_data;
-	tty_port_hangup(&acm->port);
+	struct acm *acm;
+
 	mutex_lock(&open_mutex);
+	acm = tty->driver_data;
+
+	if (!acm)
+		goto out;
+
+	tty_port_hangup(&acm->port);
 	acm_port_down(acm);
+
+out:
 	mutex_unlock(&open_mutex);
 }
 
-- 
1.7.5.4

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-serial" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux PPP]     [Linux FS]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Linmodem]     [Device Mapper]     [Linux Kernel for ARM]

  Powered by Linux