Oliver Neukum wrote:
> Am Mittwoch, 6. Mai 2009 04:00:01 schrieb Jason Wessel:
>
> in static void usb_debug_write_bulk_callback(struct urb *urb)
>
>> + if (status) {
>> + dbg("nonzero write bulk status received: %d", status);
>> + return;
>> + }
>>
>
> [..]
>
>> + spin_lock_irqsave(&priv->tx_lock, flags);
>> + --priv->tx_outstanding_urbs;
>> + spin_unlock_irqrestore(&priv->tx_lock, flags);
>>
>
> That's a clear bug. If a URB finishes, you must decrease the counter, always
> and without exception, even if status indicates an error.
>
>
Thanks Oliver,
I would agree with you on that. It also means that the ftdi_sio.c
driver has the same bug, because that is where it was derived from. You
led me to see another flaw upon further inspection in that the usb_debug
driver must also implement the chars_in_buffer() call back because the
generic serial code will cause an oops with a null pointer dereference
of the write_urb.
Cheers,
Jason.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
