On Thu, Jan 03, 2013 at 11:21:08PM +0100, Wolfgang Frisch wrote:
> The attached patch fixes the symptom.
>
> The NULL dereference is caused by "chase_port" in
> drivers/usb/serial/io_ti.c as tty == NULL.
> Unfortunately I'm not familiar with the usb-serial system.
> I guess the tty is already cleaned up and chase_port shouldn't be called
> at this point.
>
> It works for me but I'd like to see the proper solution.
Thanks for identifying and fixing this. The tty is set to NULL when the
port is hanging up and chase_port should have checked for this.
I've prepared a patch series which removes the custom chase_port
function and replaces it with the corresponding generic implementations
instead (which does not suffer from the problem you found).
However, I think your solution is probably the best one for the stable
trees as it is less intrusive.
Care to resubmit your patch with a short description and perhaps the
stack trace from your original report? Have look at
Documentation/SubmittingPatches for details (e.g. you need to add a
Signed-off-by line and should configure you mail client to send the patch
as an inline attachment). Please see my notes on the patch below as
well.
I'll respond to this mail with my series which should also fix the
problem (and which could later be applied on top of your patch). If you
could test it on actual hardware it would be much appreciated.
Thanks,
Johan
> On 03/01/13 00:44, Wolfgang Frisch wrote:
> > I have a problem with my Digi Edgeport USB sensor.
> >
> > 1. Environment:
> > - Digi Watchport/H USB sensor (io_ti driver)
> > - Linux v3.7.1 on amd64
> > Tested with v3.7.1 on 2 physical machines.
> > Further tests were done in a virtual machine.
> >
> > 2. Observations:
> > The problem was observed with Linux 3.7.1, 3.2 and 3.1.
> > I'm not able to find a recent kernel without this problem.
> >
> > The sensor works until it is disconnected while its character device
> > still being used. This causes a kernel Oops.
> >
> > Steps to reproduce:
> > - Attach Watchport sensor
> > - Connect, e.g.: minicom -D /dev/ttyUSB0
> > - Detach the sensor
> > - Kernel oops
> >
> > The dmesg log is attached.
> >
>
> diff --git a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c
> index 60023c2..65258c1 100644
> --- a/drivers/usb/serial/io_ti.c
> +++ b/drivers/usb/serial/io_ti.c
> @@ -534,6 +534,11 @@ static void chase_port(struct edgeport_port *port, unsigned long timeout,
> wait_queue_t wait;
> unsigned long flags;
>
> + // FIXME: chase_port is called with tty == NULL
You could drop this comment.
> + if (tty == NULL) {
> + return;
> + }
> +
and this should simply be
if (!tty)
return;
> if (!timeout)
> timeout = (HZ * EDGE_CLOSING_WAIT)/100;
>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
