Re: Oops w/ USB serial + modular ipaq

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <greg@kroah.com>
To: Zwane Mwaikambo <zwane@linuxpower.ca>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: Oops w/ USB serial + modular ipaq
Date: Wed, 23 Jun 2004 09:10:44 -0700	[thread overview]
Message-ID: <20040623161044.GA25681@kroah.com> (raw)
In-Reply-To: <Pine.LNX.4.58.0406230222090.3273@montezuma.fsmlabs.com>

On Wed, Jun 23, 2004 at 02:33:25AM -0400, Zwane Mwaikambo wrote:
> Loading the ipaq module, connecting a device and then unloading ipaq.ko
> oopses.
> 
> PocketPC PDA ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0
> usbserial 1-2:1.0: device disconnected
> Unable to handle kernel NULL pointer dereference at virtual address 00000085
>  printing eip:
> f8990a6f
> *pde = 00000000
> Oops: 0000 [#1]
> SMP
> Modules linked in: ppp_async ppp_generic slhc ipaq usbserial vmnet vmmon
> dm_mod e100 e1000 3c59x
> CPU:    0
> EIP:    0060:[<f8990a6f>]    Tainted: P   VLI
> EFLAGS: 00210246   (2.6.7-rc3-mm2-slock)
> EIP is at usb_serial_disconnect+0x1b/0x86 [usbserial]
> eax: 00000000   ebx: 00000011   ecx: 00000002   edx: 00000000
> esi: 00000000   edi: 00000001   ebp: d9d0c000   esp: d9d0cf38
> ds: 007b   es: 007b   ss: 0068
> Process rmmod (pid: 19148, threadinfo=d9d0c000 task=e62ced10)
> Stack: f8993f40 c02ef8f6 c1d61b48 c1ec46d8 00000000 f8998220 f8990e04 f89924c0
>        f8991e8c f8996cc8 f8998480 c04631a4 00000000 c0128b94 00000000 71617069
>        00000000 d5d33a80 d5d33a80 c013cac9 40001000 40000000 c013ce17 40000000
> Call Trace:
>  [<c02ef8f6>] device_release_driver+0x56/0x58
>  [<f8990e04>] usb_serial_deregister+0x9b/0x9f [usbserial]
>  [<c0128b94>] sys_delete_module+0x132/0x180
>  [<c013cac9>] unmap_vma_list+0xe/0x17
>  [<c013ce17>] do_munmap+0x10a/0x144
>  [<c0110df4>] do_page_fault+0x0/0x501
>  [<c0103a71>] sysenter_past_esp+0x52/0x71
> 
> Code: 04 24 b3 1d 99 f8 e8 89 65 78 c7 e9 8a f5 ff ff 83 ec 18 89 5c 24 0c
> 89 7c 24 14 89 74 24 10 8d 58 10 89 c7 a1 04 46 99 f8 85 c0 <8b> 73 74 75
> 48 85 f6 c7 43 74 00 00 00 00 74 08 8d 46 38 e8 47
> 
> (gdb) list * usb_serial_disconnect+0x1b
> 0x1a6f is in usb_serial_disconnect (device.h:298).
> 293     }
> 294
> 295     static inline void *
> 296     dev_get_drvdata (struct device *dev)
> 297     {
> 298             return dev->driver_data;
> 299     }
> 
> 
> The problem is due to the following;
> 
> void usb_serial_deregister(struct usb_serial_device_type *device)
> {
> 	struct usb_serial *serial;
> 	int i;
> 
> 	for(i = 0; i < SERIAL_TTY_MINORS; ++i) {
> 		serial = serial_table[i];
> 		if ((serial != NULL) && (serial->type == device)) {
> 			printk("usb_serial_deregister: %p %p\n", serial, serial->interface);
> 			usb_driver_release_interface (&usb_serial_driver, serial->interface);
> 			usb_serial_disconnect (serial->interface); <===
> 		}
> 	}
> ...
> }
> 
> It's not safe to use serial->interface after that
> usb_driver_release_interface().

Why not?  The ->interface pointer is still valid, only thing is that
device does not have a driver bound to it anymore, so the later call to
dev_info() in the usb_serial_disconnect() call might cause the oops.

How about just switching those two calls around (usb_serial_disconnect()
before calling usb_driver_release_interface())?  Will that solve the
problem for you?  If you just comment out usb_serial_disconnect() you
will leak memory :(

thanks,

greg k-h

next prev parent reply	other threads:[~2004-06-23 16:18 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-06-07 21:54 [BK PATCH] USB fixes for 2.6.7-rc3 Greg KH
     [not found] ` <10866458194180@kroah.com>
     [not found]   ` <20040616091710.GS12494@sunbeam.de.gnumonks.org>
     [not found]     ` <20040616170409.GK12494@sunbeam.de.gnumonks.org>
     [not found]       ` <20040616175800.GB13937@kroah.com>
2004-06-23  6:33         ` Oops w/ USB serial + modular ipaq Zwane Mwaikambo
2004-06-23  8:21           ` Zwane Mwaikambo
2004-06-23 16:10           ` Greg KH [this message]
2004-06-23 17:01             ` Zwane Mwaikambo
2004-06-29 21:37               ` [PATCH] fix different usb-serial oopses for 2.6.7 Greg KH
2004-06-30  4:50                 ` Zwane Mwaikambo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040623161044.GA25681@kroah.com \
    --to=greg@kroah.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=zwane@linuxpower.ca \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.