From: Daniel Mack <daniel@caiaq.de>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	LKML <linux-kernel@vger.kernel.org>,
	linux-usb@vger.kernel.org
Subject: Re: BUG: NULL pointer dereference in try_to_del_timer_sync()
Date: Wed, 29 Apr 2009 18:06:52 +0200
Message-ID: <20090429160652.GF6291@buzzloop.caiaq.de>
In-Reply-To: <Pine.LNX.4.44L0.0904291159240.24643-100000@netrider.rowland.org>

On Wed, Apr 29, 2009 at 12:00:58PM -0400, Alan Stern wrote:
> On Wed, 29 Apr 2009, Alan Stern wrote:
> 
> > Looks like the ftdi_sio driver doesn't use proper reference counting 
> > for its private data structure.  Does this patch help?
> 
> Oops, I forgot to initialize the kref.  Try this patch instead.

Yep, that did it! Very good, thanks a lot.
Feel free to add my 'Tested-by' :)

Daniel


> Index: 2.6.30-rc3/drivers/usb/serial/ftdi_sio.c
> ===================================================================
> --- 2.6.30-rc3.orig/drivers/usb/serial/ftdi_sio.c
> +++ 2.6.30-rc3/drivers/usb/serial/ftdi_sio.c
> @@ -56,6 +56,7 @@ static __u16 vendor = FTDI_VID;
>  static __u16 product;
>  
>  struct ftdi_private {
> +	struct kref kref;
>  	ftdi_chip_type_t chip_type;
>  				/* type of device, either SIO or FT8U232AM */
>  	int baud_base;		/* baud base clock for divisor setting */
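
Review bot: struct kref is embedded in struct ftdi_private here, but the patch has no hunk adding #include <linux/kref.h>; if the file only gets it indirectly through another header, add the include explicitly so the driver does not depend on that. A short comment on the new member saying which paths hold a reference (probe, and each successful open) would also help the next reader.
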
> @@ -1352,6 +1353,7 @@ static int ftdi_sio_port_probe(struct us
>  		return -ENOMEM;
>  	}
>  
> +	kref_init(&priv->kref);
>  	spin_lock_init(&priv->rx_lock);
>  	spin_lock_init(&priv->tx_lock);
>  	init_waitqueue_head(&priv->delta_msr_wait);
> @@ -1468,6 +1470,13 @@ static void ftdi_shutdown(struct usb_ser
>  	dbg("%s", __func__);
>  }
>  
> +static void ftdi_sio_priv_release(struct kref *k)
> +{
> +	struct ftdi_private *priv = container_of(k, struct ftdi_private, kref);
> +
> +	kfree(priv);
> +}
> +
>  static int ftdi_sio_port_remove(struct usb_serial_port *port)
>  {
>  	struct ftdi_private *priv = usb_get_serial_port_data(port);
> @@ -1482,7 +1491,7 @@ static int ftdi_sio_port_remove(struct u
>  
>  	if (priv) {
>  		usb_set_serial_port_data(port, NULL);
> -		kfree(priv);
> +		kref_put(&priv->kref, ftdi_sio_priv_release);
>  	}
>  
>  	return 0;
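
Review bot: in ftdi_sio_port_remove() the port data is set to NULL before kref_put(), so any path that still runs afterwards and looks priv up with usb_get_serial_port_data(port) gets NULL rather than the still-referenced structure. The hunks do not show how ftdi_close() and the rx_work handler obtain priv; if they use the port data, they need a NULL check or should carry the pointer taken at open time, otherwise the refcount keeps the memory alive but the pointer to it is gone.
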
> @@ -1547,7 +1556,8 @@ static int ftdi_open(struct tty_struct *
>  		dev_err(&port->dev,
>  			"%s - failed submitting read urb, error %d\n",
>  			__func__, result);
> -
> +	else
> +		kref_get(&priv->kref);
>  
>  	return result;
>  } /* ftdi_open */
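
Review bot: kref_get() in ftdi_open() is taken only in the else branch, after the read urb has already been submitted, so for a short window the urb is in flight without the open holding its reference. Taking the reference before the submit and dropping it with kref_put(&priv->kref, ftdi_sio_priv_release) on the error path closes that window and keeps get and put visibly paired. With the blank line removed, the if/else would also read better with braces on both branches, since the if body spans three lines.
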
> @@ -1589,11 +1599,11 @@ static void ftdi_close(struct tty_struct
>  	mutex_unlock(&port->serial->disc_mutex);
>  
>  	/* cancel any scheduled reading */
> -	cancel_delayed_work(&priv->rx_work);
> -	flush_scheduled_work();
> +	cancel_delayed_work_sync(&priv->rx_work);
>  
>  	/* shutdown our bulk read */
>  	usb_kill_urb(port->read_urb);
> +	kref_put(&priv->kref, ftdi_sio_priv_release);
>  } /* ftdi_close */
>  
>  
> 
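
Review bot: in ftdi_close() cancel_delayed_work_sync(&priv->rx_work) still runs before usb_kill_urb(port->read_urb); if the read urb's completion handler can queue rx_work (not visible in this hunk), the work can be rescheduled after the cancel and then run after the final kref_put() has freed priv. Killing the urb first, then cancelling the work, then dropping the reference would make the ordering safe either way. The put also relies on every ftdi_close() being preceded by a successful ftdi_open(), which is worth a comment next to the kref_put() call.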
