Re: PROBLEM: BUG: null pointer dereference when using garmin USB connection with 3.6.1 kernel

On Tue, Oct 09, 2012 at 01:05:46PM -0400, Alan Stern wrote:
> On Tue, 9 Oct 2012, Greg KH wrote:
> 
> > Ugh, that "simple" patch has turned up more bugs in drivers than
> > anything I know of in recent history.
> 
> It would be a good idea for someone to audit all the serial drivers.  
> The basic idea is simple:
> 
> 	The .port_probe and .port_remove methods should handle
> 	anything connected with an individual port.
> 
> 	The .probe, .attach, .disconnect, and .release methods
> 	should handle things associated with the entire device,
> 	not with any particular port.  They definitely should
> 	not call usb_get_serial_port_data().
> 
> It wouldn't be surprising to find that several of the drivers violate
> these rules.

In fact, the problem is worse than I expected.

We've so far only had a few reports of drivers oopsing due to use after
free or NULL derefs, but commit 0998d0631001288 (device-core: Ensure
drvdata = NULL when no driver is bound) also introduced multiple silent
memory leaks as port data is no longer freed in release as the pointers
are now NULL.

I've fixed the cp210x and pl2303. Not counting the garmin deref fixed
by Alan, a quick grep and audit reveals at least 22 memory leaks and 4
NULL derefs in usb/serial:

drivers/usb/serial/ark3116.c
drivers/usb/serial/belkin_sa.c
drivers/usb/serial/cyberjack.c
drivers/usb/serial/cypress_m8.c
drivers/usb/serial/digi_acceleport.c
drivers/usb/serial/f81232.c
drivers/usb/serial/io_edgeport.c
drivers/usb/serial/io_ti.c
drivers/usb/serial/iuu_phoenix.c
drivers/usb/serial/keyspan.c
drivers/usb/serial/keyspan_pda.c
drivers/usb/serial/kl5kusb105.c
drivers/usb/serial/kobil_sct.c
drivers/usb/serial/mct_u232.c
drivers/usb/serial/mos7720.c
drivers/usb/serial/mos7840.c
drivers/usb/serial/omninet.c
drivers/usb/serial/opticon.c
drivers/usb/serial/oti6858.c
drivers/usb/serial/qcserial.c
drivers/usb/serial/quatech2.c
drivers/usb/serial/sierra.c
drivers/usb/serial/spcp8x5.c
drivers/usb/serial/ssu100.c
drivers/usb/serial/ti_usb_3410_5052.c
drivers/usb/serial/whiteheat.c

I'll try to fix a few more...

Johan
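
The leak described in this message, as an added example that is not part of the original thread and is not kernel code: a userspace C model in which the core clears a port's driver data on unbind before the device-wide release callback runs. It compares a driver that frees per-port data in release with one that frees it in port_remove. The struct layouts, the helper names and the allocation counter are assumptions made for the model.

```c
/* Userspace model (constructed for illustration), not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct port { void *drvdata; };          /* stands in for a serial port device */
struct driver {
    void (*port_probe)(struct port *);
    void (*port_remove)(struct port *);  /* per-port teardown */
    void (*release)(struct port *);      /* device-wide teardown, runs last */
};

static int live_allocs;                  /* outstanding per-port allocations */

static void *port_alloc(void) { live_allocs++; return malloc(16); }
/* Like kfree(), freeing NULL is a silent no-op. */
static void port_free(void *p) { if (p) { live_allocs--; free(p); } }

static void probe(struct port *p) { p->drvdata = port_alloc(); }
static void free_port_data(struct port *p) { port_free(p->drvdata); p->drvdata = NULL; }

/* Old pattern: per-port data freed from the device-wide release callback. */
static const struct driver leaky = { probe, NULL, free_port_data };
/* Pattern from the rule quoted above: per-port data freed in port_remove. */
static const struct driver fixed = { probe, free_port_data, NULL };

/* Teardown order in the model: port unbind, core clears drvdata, then release.
 * Returns the number of allocations still outstanding afterwards. */
static int bind_and_unbind(const struct driver *d)
{
    struct port p = { NULL };
    live_allocs = 0;
    d->port_probe(&p);
    if (d->port_remove)
        d->port_remove(&p);
    void *stale = p.drvdata;  /* kept only so the model itself can clean up */
    p.drvdata = NULL;         /* the core now clears drvdata on unbind */
    if (d->release)
        d->release(&p);       /* sees NULL, so the free does nothing */
    int leaked = live_allocs;
    free(stale);
    return leaked;
}

int main(void)
{
    printf("free in release:     %d leaked\n", bind_and_unbind(&leaky));
    printf("free in port_remove: %d leaked\n", bind_and_unbind(&fixed));
    return 0;
}
```

A release callback that dereferences the pointer instead of only freeing it hits the NULL dereference case rather than the leak.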