* 2.6.6 Oops disconnecting speedtouch usb modem @ 2004-05-11 11:26 Nuno Ferreira 2004-05-11 11:40 ` Duncan Sands 2004-05-11 11:42 ` 2.6.6 Oops disconnecting speedtouch usb modem Grzegorz Kulewski 0 siblings, 2 replies; 17+ messages in thread From: Nuno Ferreira @ 2004-05-11 11:26 UTC (permalink / raw) To: linux-kernel After upgrading from 2.6.5 to 2.6.6 I got this error while disconnecting my Speedtouch USB ADSL modem. May 10 23:31:57 taz kernel: usb 1-1: USB disconnect, address 2 May 10 23:31:57 taz kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000004 May 10 23:31:57 taz kernel: printing eip: May 10 23:31:57 taz kernel: c02315d4 May 10 23:31:57 taz kernel: *pde = 00000000 May 10 23:31:57 taz kernel: Oops: 0000 [#1] May 10 23:31:57 taz kernel: CPU: 0 May 10 23:31:57 taz kernel: EIP: 0060:[destroy_async+84/128] Not tainted May 10 23:31:57 taz kernel: EFLAGS: 00010013 (2.6.6) May 10 23:31:57 taz kernel: EIP is at destroy_async+0x54/0x80 May 10 23:31:57 taz kernel: eax: dcd656ac ebx: 00000286 ecx: 00000000 edx: dcd65690 May 10 23:31:57 taz kernel: esi: dcd656ac edi: dcd65690 ebp: dd39e424 esp: ddd75ea0 May 10 23:31:57 taz kernel: ds: 007b es: 007b ss: 0068 May 10 23:31:57 taz kernel: Process khubd (pid: 5, threadinfo=ddd75000 task=ddfa6030) May 10 23:31:57 taz kernel: Stack: c022e368 ddd13294 c0330ba0 dd39e400 c02316c9 dcd65690 dcd656ac c022873a May 10 23:31:57 taz kernel: ddd13294 ddd13294 dd15f648 ddd132a4 c0330bc0 c01f6a94 ddd132a4 ddd132cc May 10 23:31:57 taz kernel: ddd132a4 dd39e4cc c01f6bc5 ddd132a4 ddd132fc ddd132a4 dd39e4cc c01f5b2d May 10 23:31:57 taz kernel: Call Trace: May 10 23:31:57 taz kernel: [usb_disable_interface+56/80] usb_disable_interface+0x38/0x50 May 10 23:31:57 taz kernel: [driver_disconnect+57/64] driver_disconnect+0x39/0x40 May 10 23:31:57 taz kernel: [usb_unbind_interface+122/128] usb_unbind_interface+0x7a/0x80 May 10 23:31:57 taz kernel: [device_release_driver+100/112] device_release_driver+0x64/0x70 May 10 23:31:57 taz kernel: [bus_remove_device+85/160] bus_remove_device+0x55/0xa0 May 10 23:31:57 taz kernel: [device_del+93/160] device_del+0x5d/0xa0 May 10 23:31:57 taz kernel: [device_unregister+19/48] device_unregister+0x13/0x30 May 10 23:31:57 taz kernel: [usb_disable_device+111/176] usb_disable_device+0x6f/0xb0 May 10 23:31:57 taz kernel: [usb_disconnect+150/240] usb_disconnect+0x96/0xf0 May 10 23:31:57 taz kernel: [hub_port_connect_change+625/640] hub_port_connect_change+0x271/0x280 May 10 23:31:57 taz kernel: [hub_port_status+67/176] hub_port_status+0x43/0xb0 May 10 23:31:57 taz kernel: [hub_events+672/768] hub_events+0x2a0/0x300 May 10 23:31:57 taz kernel: [hub_thread+45/240] hub_thread+0x2d/0xf0 May 10 23:31:57 taz kernel: [default_wake_function+0/32] default_wake_function+0x0/0x20 May 10 23:31:57 taz kernel: [hub_thread+0/240] hub_thread+0x0/0xf0 May 10 23:31:57 taz kernel: [kernel_thread_helper+5/20] kernel_thread_helper+0x5/0x14 May 10 23:31:57 taz kernel: May 10 23:31:57 taz kernel: Code: 8b 51 04 8b 01 89 50 04 89 02 89 49 04 89 09 53 9d 8b 41 20 I also had another problem before that one, modem_run complained that it couldn't read interrupts and exited. The connections stayed up, though. May 10 23:22:31 taz modem_run[1364]: [monitoring report] ADSL link went up May 10 23:22:50 taz modem_run[874]: ADSL synchronization has been obtained May 10 23:22:50 taz modem_run[874]: ADSL line is up (512 kbit/s down | 128 kbit/s up) May 10 23:22:50 taz modem_run[1364]: Error reading interrupts May 10 23:22:50 taz modem_run[1364]: [monitoring report] ADSL link went down May 10 23:22:51 taz modem_run[1364]: Device disconnected, shutting down Neither of these problems happen with the same setup running 2.6.5. I'll try to find more find more information about this second problem when I get home. Anyone else having problems with the speedtouch usb on 2.6.6? -- Nuno Ferreira ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-11 11:26 2.6.6 Oops disconnecting speedtouch usb modem Nuno Ferreira @ 2004-05-11 11:40 ` Duncan Sands 2004-05-11 14:56 ` Nuno Ferreira 2004-05-11 11:42 ` 2.6.6 Oops disconnecting speedtouch usb modem Grzegorz Kulewski 1 sibling, 1 reply; 17+ messages in thread From: Duncan Sands @ 2004-05-11 11:40 UTC (permalink / raw) To: Nuno Ferreira, linux-kernel > May 10 23:31:57 taz kernel: EIP is at destroy_async+0x54/0x80 Does this happen with -mm1? Thanks, Duncan. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-11 11:40 ` Duncan Sands @ 2004-05-11 14:56 ` Nuno Ferreira 2004-05-12 2:25 ` Nuno Ferreira 0 siblings, 1 reply; 17+ messages in thread From: Nuno Ferreira @ 2004-05-11 14:56 UTC (permalink / raw) To: Duncan Sands; +Cc: linux-kernel On Ter, 2004-05-11 at 13:40 +0200, Duncan Sands wrote: > > May 10 23:31:57 taz kernel: EIP is at destroy_async+0x54/0x80 > > Does this happen with -mm1? I will try it later today, I have the modem at home. Thanks -- Nuno Ferreira ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-11 14:56 ` Nuno Ferreira @ 2004-05-12 2:25 ` Nuno Ferreira 2004-05-12 15:02 ` Duncan Sands 2004-05-13 9:04 ` Duncan Sands 0 siblings, 2 replies; 17+ messages in thread From: Nuno Ferreira @ 2004-05-12 2:25 UTC (permalink / raw) To: Duncan Sands; +Cc: linux-kernel On Ter, 2004-05-11 at 15:56 +0100, Nuno Ferreira wrote: > On Ter, 2004-05-11 at 13:40 +0200, Duncan Sands wrote: > > > May 10 23:31:57 taz kernel: EIP is at destroy_async+0x54/0x80 > > > > Does this happen with -mm1? > > I will try it later today, I have the modem at home. OK, I tried it with -mm1 and the second problem I reported (modem_run complaining about not being able to read interrupts ans exiting) appears to be gone. The oops while disconnecting still exists, but it's different. May 11 21:18:10 taz kernel: usb 1-1: USB disconnect, address 2 May 11 21:18:10 taz kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000 May 11 21:18:10 taz kernel: printing eip: May 11 21:18:10 taz kernel: c02168f4 May 11 21:18:10 taz kernel: *pde = 00000000 May 11 21:18:10 taz kernel: ___ ______ May 11 21:18:10 taz kernel: 0--,| /OOOOOO\ May 11 21:18:10 taz kernel: {_o / /OO plop OO\ May 11 21:18:10 taz kernel: \__\_/OO oh dear OOO\s May 11 21:18:10 taz kernel: \OOOOOOOOOOOOOOOO/ May 11 21:18:10 taz kernel: __XXX__ __XXX__ May 11 21:18:10 taz kernel: Oops: 0000 [#1] May 11 21:18:10 taz kernel: CPU: 0 May 11 21:18:10 taz kernel: EIP: 0060:[usb_ifnum_to_if+36/64] Not tainted VLI May 11 21:18:10 taz kernel: EFLAGS: 00010293 (2.6.6-mm1) May 11 21:18:10 taz kernel: EIP is at usb_ifnum_to_if+0x24/0x40 May 11 21:18:10 taz kernel: eax: 00000000 ebx: dd3b7c00 ecx: 00000000 edx: 00000001 May 11 21:18:10 taz kernel: esi: 00000003 edi: 00000001 ebp: dd5d5824 esp: ddd91ea8 May 11 21:18:10 taz kernel: ds: 007b es: 007b ss: 0068 May 11 21:18:10 taz kernel: Process khubd (pid: 21, threadinfo=ddd91000 task=ddd676b0) May 11 21:18:10 taz kernel: Stack: dd5d5800 00000000 00000001 c021c42a dcce4510 00000282 dcce4510 de8d5c80 May 11 21:18:10 taz kernel: dd5d5800 de864a6d 00000000 de8d3e60 ddd4b194 de8d5c80 dd5d5800 dd5d5824 May 11 21:18:10 taz kernel: c02167c5 ddd4b1a4 de8d5ca0 c01e8fe6 ddd4b1a4 dd5d58cc c01e90f8 ddd4b1a4 May 11 21:18:10 taz kernel: Call Trace: May 11 21:18:10 taz kernel: [usb_set_interface+26/304] usb_set_interface+0x1a/0x130 May 11 21:18:10 taz kernel: [pg0+508303981/1069920256] atm_dev_deregister+0xd/0xc0 [atm] May 11 21:18:10 taz kernel: [pg0+508759648/1069920256] udsl_atm_dev_close+0x30/0x50 [speedtch] May 11 21:18:10 taz kernel: [usb_unbind_interface+69/112] usb_unbind_interface+0x45/0x70 May 11 21:18:10 taz kernel: [device_release_driver+86/96] device_release_driver+0x56/0x60 May 11 21:18:10 taz kernel: [bus_remove_device+72/144] bus_remove_device+0x48/0x90 May 11 21:18:10 taz kernel: [device_del+90/144] device_del+0x5a/0x90 May 11 21:18:10 taz kernel: [device_unregister+8/16] device_unregister+0x8/0x10May 11 21:18:10 taz kernel: [usb_disable_device+97/176] usb_disable_device+0x61/0xb0 May 11 21:18:10 taz kernel: [usb_disconnect+143/224] usb_disconnect+0x8f/0xe0 May 11 21:18:10 taz kernel: [hub_port_connect_change+580/640] hub_port_connect_change+0x244/0x280 May 11 21:18:10 taz kernel: [hub_port_status+58/176] hub_port_status+0x3a/0xb0 May 11 21:18:10 taz kernel: [schedule+604/1040] schedule+0x25c/0x410 May 11 21:18:10 taz kernel: [hub_events+604/688] hub_events+0x25c/0x2b0 May 11 21:18:10 taz kernel: [hub_thread+43/224] hub_thread+0x2b/0xe0 May 11 21:18:10 taz kernel: [default_wake_function+0/16] default_wake_function+0x0/0x10 May 11 21:18:10 taz kernel: [hub_thread+0/224] hub_thread+0x0/0xe0 May 11 21:18:10 taz kernel: [kernel_thread_helper+5/24] kernel_thread_helper+0x5/0x18 May 11 21:18:10 taz kernel: May 11 21:18:10 taz kernel: Code: 00 00 90 8d 74 26 00 57 89 d7 56 53 8b 98 9c 01 00 00 31 c0 85 db 74 24 0f b6 43 04 31 c9 39 c1 7d 18 89 c6 8d 76 00 8b 44 8b 0c <8b> 10 0f b6 52 02 39 fa 74 07 41 39 f1 7c ed 31 c0 5b 5e 5f c3 -- Nuno Ferreira ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-12 2:25 ` Nuno Ferreira @ 2004-05-12 15:02 ` Duncan Sands 2004-05-13 9:04 ` Duncan Sands 1 sibling, 0 replies; 17+ messages in thread From: Duncan Sands @ 2004-05-12 15:02 UTC (permalink / raw) To: Nuno Ferreira; +Cc: linux-kernel > The oops while disconnecting still exists, but it's different. I will try to look into it tonight. Ciao, Duncan. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-12 2:25 ` Nuno Ferreira 2004-05-12 15:02 ` Duncan Sands @ 2004-05-13 9:04 ` Duncan Sands 2004-05-13 15:56 ` Alan Stern 1 sibling, 1 reply; 17+ messages in thread From: Duncan Sands @ 2004-05-13 9:04 UTC (permalink / raw) To: Nuno Ferreira; +Cc: linux-kernel, linux-usb-devel, Alan Stern > OK, I tried it with -mm1 and the second problem I reported (modem_run > complaining about not being able to read interrupts ans exiting) appears > to be gone. > The oops while disconnecting still exists, but it's different. > > May 11 21:18:10 taz kernel: usb 1-1: USB disconnect, address 2 > May 11 21:18:10 taz kernel: Unable to handle kernel NULL pointer > dereference at virtual address 00000000 May 11 21:18:10 taz kernel: > printing eip: > May 11 21:18:10 taz kernel: c02168f4 > May 11 21:18:10 taz kernel: *pde = 00000000 > May 11 21:18:10 taz kernel: ___ ______ > May 11 21:18:10 taz kernel: 0--,| /OOOOOO\ > May 11 21:18:10 taz kernel: {_o / /OO plop OO\ > May 11 21:18:10 taz kernel: \__\_/OO oh dear OOO\s > May 11 21:18:10 taz kernel: \OOOOOOOOOOOOOOOO/ > May 11 21:18:10 taz kernel: __XXX__ __XXX__ > May 11 21:18:10 taz kernel: Oops: 0000 [#1] > May 11 21:18:10 taz kernel: CPU: 0 > May 11 21:18:10 taz kernel: EIP: 0060:[usb_ifnum_to_if+36/64] Not > tainted VLI > May 11 21:18:10 taz kernel: EFLAGS: 00010293 (2.6.6-mm1) > May 11 21:18:10 taz kernel: EIP is at usb_ifnum_to_if+0x24/0x40 > May 11 21:18:10 taz kernel: eax: 00000000 ebx: dd3b7c00 ecx: 00000000 > edx: 00000001 May 11 21:18:10 taz kernel: esi: 00000003 edi: 00000001 > ebp: dd5d5824 esp: ddd91ea8 May 11 21:18:10 taz kernel: ds: 007b es: > 007b ss: 0068 > May 11 21:18:10 taz kernel: Process khubd (pid: 21, threadinfo=ddd91000 > task=ddd676b0) May 11 21:18:10 taz kernel: Stack: dd5d5800 00000000 > 00000001 c021c42a dcce4510 00000282 dcce4510 de8d5c80 > May 11 21:18:10 taz kernel: dd5d5800 de864a6d 00000000 de8d3e60 > ddd4b194 de8d5c80 dd5d5800 dd5d5824 > May 11 21:18:10 taz kernel: c02167c5 ddd4b1a4 de8d5ca0 c01e8fe6 > ddd4b1a4 dd5d58cc c01e90f8 ddd4b1a4 > May 11 21:18:10 taz kernel: Call Trace: > May 11 21:18:10 taz kernel: [usb_set_interface+26/304] > usb_set_interface+0x1a/0x130 May 11 21:18:10 taz kernel: > [pg0+508303981/1069920256] atm_dev_deregister+0xd/0xc0 [atm] May 11 > 21:18:10 taz kernel: [pg0+508759648/1069920256] > udsl_atm_dev_close+0x30/0x50 [speedtch] May 11 21:18:10 taz kernel: > [usb_unbind_interface+69/112] usb_unbind_interface+0x45/0x70 May 11 > 21:18:10 taz kernel: [device_release_driver+86/96] > device_release_driver+0x56/0x60 May 11 21:18:10 taz kernel: > [bus_remove_device+72/144] bus_remove_device+0x48/0x90 May 11 21:18:10 taz > kernel: [device_del+90/144] device_del+0x5a/0x90 May 11 21:18:10 taz > kernel: [device_unregister+8/16] device_unregister+0x8/0x10May 11 21:18:10 > taz kernel: [usb_disable_device+97/176] usb_disable_device+0x61/0xb0 May > 11 21:18:10 taz kernel: [usb_disconnect+143/224] usb_disconnect+0x8f/0xe0 > May 11 21:18:10 taz kernel: [hub_port_connect_change+580/640] > hub_port_connect_change+0x244/0x280 May 11 21:18:10 taz kernel: > [hub_port_status+58/176] hub_port_status+0x3a/0xb0 May 11 21:18:10 taz > kernel: [schedule+604/1040] schedule+0x25c/0x410 May 11 21:18:10 taz > kernel: [hub_events+604/688] hub_events+0x25c/0x2b0 May 11 21:18:10 taz > kernel: [hub_thread+43/224] hub_thread+0x2b/0xe0 May 11 21:18:10 taz > kernel: [default_wake_function+0/16] default_wake_function+0x0/0x10 May 11 > 21:18:10 taz kernel: [hub_thread+0/224] hub_thread+0x0/0xe0 May 11 > 21:18:10 taz kernel: [kernel_thread_helper+5/24] > kernel_thread_helper+0x5/0x18 May 11 21:18:10 taz kernel: > May 11 21:18:10 taz kernel: Code: 00 00 90 8d 74 26 00 57 89 d7 56 53 8b 98 > 9c 01 00 00 31 c0 85 db 74 24 0f b6 43 04 31 c9 39 c1 7d 18 89 c6 8d 76 00 > 8b 44 8b 0c <8b> 10 0f b6 52 02 39 fa 74 07 41 39 f1 7c ed 31 c0 5b 5e 5f > c3 Hi Nuno, I suspect it is caused by this patch (as246c - Allocate interface structures dynamically): http://marc.theaimsgroup.com/?l=linux-usb-devel&m=108239223425404&w=2 Can you please revert it and see if that helps? I think it is this bit that is causing the problem: /* * usb_disable_device - Disable all the endpoints for a USB device * @dev: the device whose endpoints are being disabled @@ -835,6 +831,7 @@ dev_dbg (&dev->dev, "unregistering interface %s\n", interface->dev.bus_id); device_unregister (&interface->dev); + dev->actconfig->interface[i] = NULL; } dev->actconfig = 0; if (dev->state == USB_STATE_CONFIGURED) @@ -1071,6 +1068,16 @@ return 0; } All the best, Duncan. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-13 9:04 ` Duncan Sands @ 2004-05-13 15:56 ` Alan Stern 2004-05-13 16:45 ` Duncan Sands 0 siblings, 1 reply; 17+ messages in thread From: Alan Stern @ 2004-05-13 15:56 UTC (permalink / raw) To: Duncan Sands; +Cc: Nuno Ferreira, linux-kernel, linux-usb-devel On Thu, 13 May 2004, Duncan Sands wrote: > Hi Nuno, I suspect it is caused by this patch (as246c - Allocate interface structures dynamically): > > http://marc.theaimsgroup.com/?l=linux-usb-devel&m=108239223425404&w=2 > > Can you please revert it and see if that helps? I think it is this bit that is causing the problem: > > /* > * usb_disable_device - Disable all the endpoints for a USB device > * @dev: the device whose endpoints are being disabled > @@ -835,6 +831,7 @@ > dev_dbg (&dev->dev, "unregistering interface %s\n", > interface->dev.bus_id); > device_unregister (&interface->dev); > + dev->actconfig->interface[i] = NULL; > } > dev->actconfig = 0; > if (dev->state == USB_STATE_CONFIGURED) > @@ -1071,6 +1068,16 @@ > return 0; > } I don't see how that can be. The stack dump is getting unwieldy so I haven't duplicated it here, but if I'm reading it right the problem occurs when usb_set_interface() is called by usb_unbind_interface(), which itself is called indirectly by device_unregister() above. The pointer for the interface being unregistered has not yet been set to NULL, hence this shouldn't cause an oops. Alan Stern ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-13 15:56 ` Alan Stern @ 2004-05-13 16:45 ` Duncan Sands 2004-05-13 17:56 ` PATCH: (as279) Don't delete interfaces until all are unbound Alan Stern 0 siblings, 1 reply; 17+ messages in thread From: Duncan Sands @ 2004-05-13 16:45 UTC (permalink / raw) To: Alan Stern; +Cc: Nuno Ferreira, linux-kernel, linux-usb-devel > I don't see how that can be. The stack dump is getting unwieldy so I > haven't duplicated it here, but if I'm reading it right the problem occurs > when usb_set_interface() is called by usb_unbind_interface(), which itself > is called indirectly by device_unregister() above. The pointer for the > interface being unregistered has not yet been set to NULL, hence this > shouldn't cause an oops. No, but the pointer for another (previous) interface may just have been set to NULL, causing an Oops when usb_ifnum_to_if loops over all interfaces. In other words, maybe for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { struct usb_interface *interface; /* remove this interface */ interface = dev->actconfig->interface[i]; dev_dbg (&dev->dev, "unregistering interface %s\n", interface->dev.bus_id); device_unregister (&interface->dev); dev->actconfig->interface[i] = NULL; } should be turned into for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { struct usb_interface *interface; /* remove this interface */ interface = dev->actconfig->interface[i]; dev_dbg (&dev->dev, "unregistering interface %s\n", interface->dev.bus_id); device_unregister (&interface->dev); } for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) dev->actconfig->interface[i] = NULL; All the best, Duncan. ^ permalink raw reply [flat|nested] 17+ messages in thread
* PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-13 16:45 ` Duncan Sands @ 2004-05-13 17:56 ` Alan Stern 2004-05-13 19:50 ` Duncan Sands ` (3 more replies) 0 siblings, 4 replies; 17+ messages in thread From: Alan Stern @ 2004-05-13 17:56 UTC (permalink / raw) To: Greg KH, Duncan Sands Cc: Nuno Ferreira, Kernel development list, linux-usb-devel On Thu, 13 May 2004, Duncan Sands wrote: > No, but the pointer for another (previous) interface may just have been > set to NULL, causing an Oops when usb_ifnum_to_if loops over all > interfaces. Of course! I trust you won't mind me changing your suggested fix slightly. This should do an equally good job of repairing things, and it will prevent other possible invalid references as well. Greg, please apply. Alan Stern ===== drivers/usb/core/message.c 1.83 vs edited ===== --- 1.83/drivers/usb/core/message.c Mon May 3 06:26:40 2004 +++ edited/drivers/usb/core/message.c Thu May 13 13:37:48 2004 @@ -830,7 +830,14 @@ interface = dev->actconfig->interface[i]; dev_dbg (&dev->dev, "unregistering interface %s\n", interface->dev.bus_id); - device_unregister (&interface->dev); + device_del (&interface->dev); + } + + /* Now that the interfaces are unbound, nobody should + * try to access them. + */ + for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { + put_device (&dev->actconfig->interface[i]->dev); dev->actconfig->interface[i] = NULL; } dev->actconfig = 0; ===== drivers/usb/core/usb.c 1.264 vs edited ===== --- 1.264/drivers/usb/core/usb.c Thu Apr 15 08:19:20 2004 +++ edited/drivers/usb/core/usb.c Thu May 13 13:40:06 2004 @@ -198,6 +198,9 @@ * This routine helps device drivers avoid such mistakes. * However, you should make sure that you do the right thing with any * alternate settings available for this interfaces. + * + * Don't call this function unless you are bound to one of the interfaces + * on this device or you own the dev->serialize semaphore! */ struct usb_interface *usb_ifnum_to_if(struct usb_device *dev, unsigned ifnum) { @@ -228,6 +231,9 @@ * it would be incorrect to assume that the first altsetting entry in * the array corresponds to altsetting zero. This routine helps device * drivers avoid such mistakes. + * + * Don't call this function unless you are bound to the intf interface + * or you own the device's ->serialize semaphore! */ struct usb_host_interface *usb_altnum_to_altsetting(struct usb_interface *intf, unsigned int altnum) ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-13 17:56 ` PATCH: (as279) Don't delete interfaces until all are unbound Alan Stern @ 2004-05-13 19:50 ` Duncan Sands 2004-05-13 21:03 ` Alan Stern 2004-05-13 22:40 ` Greg KH ` (2 subsequent siblings) 3 siblings, 1 reply; 17+ messages in thread From: Duncan Sands @ 2004-05-13 19:50 UTC (permalink / raw) To: Alan Stern, Greg KH Cc: Nuno Ferreira, Kernel development list, linux-usb-devel Hi Alan, > + /* Now that the interfaces are unbound, nobody should > + * try to access them. > + */ how is usbfs going to claim interfaces after this? > + * Don't call this function unless you are bound to one of the interfaces > + * on this device or you own the dev->serialize semaphore! Owning dev->serialize won't stop an Oops if the interfaces are all NULL... All the best, Duncan. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-13 19:50 ` Duncan Sands @ 2004-05-13 21:03 ` Alan Stern 2004-05-13 21:23 ` Duncan Sands 0 siblings, 1 reply; 17+ messages in thread From: Alan Stern @ 2004-05-13 21:03 UTC (permalink / raw) To: Duncan Sands Cc: Greg KH, Nuno Ferreira, Kernel development list, linux-usb-devel On Thu, 13 May 2004, Duncan Sands wrote: > Hi Alan, > > > + /* Now that the interfaces are unbound, nobody should > > + * try to access them. > > + */ > > how is usbfs going to claim interfaces after this? After this there _are_ no interfaces! They've all been destroyed by usb_disable_device(), called as part of usb_set_configuration() or usb_disconnect(). Of course, usb_set_configuration() will go ahead and create a new set of interfaces that usbfs can then bind. > > + * Don't call this function unless you are bound to one of the interfaces > > + * on this device or you own the dev->serialize semaphore! > > Owning dev->serialize won't stop an Oops if the interfaces are all NULL... If you own dev->serialize then usb_disable_device() can't be running concurrently, since it requires its caller to own that semaphore (although that may not be stated explicitly). Hence either the interfaces won't be NULL or else dev->actconfig will be NULL, and in either case usb_ifnum_to_if() will work okay. Alan Stern ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-13 21:03 ` Alan Stern @ 2004-05-13 21:23 ` Duncan Sands 0 siblings, 0 replies; 17+ messages in thread From: Duncan Sands @ 2004-05-13 21:23 UTC (permalink / raw) To: Alan Stern Cc: Greg KH, Nuno Ferreira, Kernel development list, linux-usb-devel Hi Alan, all is clear to me now. By the way, I guess it would be better (stylistically speaking) to use dev->actconfig = NULL; rather than dev->actconfig = 0; in usb_disable_device. Thanks a lot, Duncan. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-13 17:56 ` PATCH: (as279) Don't delete interfaces until all are unbound Alan Stern 2004-05-13 19:50 ` Duncan Sands @ 2004-05-13 22:40 ` Greg KH 2004-05-14 10:24 ` Nuno Ferreira 2004-05-15 15:50 ` Nuno Ferreira 3 siblings, 0 replies; 17+ messages in thread From: Greg KH @ 2004-05-13 22:40 UTC (permalink / raw) To: Alan Stern Cc: Duncan Sands, Nuno Ferreira, Kernel development list, linux-usb-devel On Thu, May 13, 2004 at 01:56:32PM -0400, Alan Stern wrote: > On Thu, 13 May 2004, Duncan Sands wrote: > > > No, but the pointer for another (previous) interface may just have been > > set to NULL, causing an Oops when usb_ifnum_to_if loops over all > > interfaces. > > Of course! I trust you won't mind me changing your suggested fix > slightly. This should do an equally good job of repairing things, and it > will prevent other possible invalid references as well. > > Greg, please apply. Applied, thanks. greg k-h ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-13 17:56 ` PATCH: (as279) Don't delete interfaces until all are unbound Alan Stern 2004-05-13 19:50 ` Duncan Sands 2004-05-13 22:40 ` Greg KH @ 2004-05-14 10:24 ` Nuno Ferreira 2004-05-15 15:50 ` Nuno Ferreira 3 siblings, 0 replies; 17+ messages in thread From: Nuno Ferreira @ 2004-05-14 10:24 UTC (permalink / raw) To: Alan Stern Cc: Greg KH, Duncan Sands, Kernel development list, linux-usb-devel On Qui, 2004-05-13 at 13:56 -0400, Alan Stern wrote: > On Thu, 13 May 2004, Duncan Sands wrote: > > > No, but the pointer for another (previous) interface may just have been > > set to NULL, causing an Oops when usb_ifnum_to_if loops over all > > interfaces. > > Of course! I trust you won't mind me changing your suggested fix > slightly. This should do an equally good job of repairing things, and it > will prevent other possible invalid references as well. I've been out of town so I could not test this patch yet. I'll try it later tonight and let you know if it's fixed. Thanks -- Nuno Ferreira ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-13 17:56 ` PATCH: (as279) Don't delete interfaces until all are unbound Alan Stern ` (2 preceding siblings ...) 2004-05-14 10:24 ` Nuno Ferreira @ 2004-05-15 15:50 ` Nuno Ferreira 2004-05-15 16:43 ` Duncan Sands 3 siblings, 1 reply; 17+ messages in thread From: Nuno Ferreira @ 2004-05-15 15:50 UTC (permalink / raw) To: Alan Stern Cc: Greg KH, Duncan Sands, Kernel development list, linux-usb-devel On Qui, 2004-05-13 at 13:56 -0400, Alan Stern wrote: > On Thu, 13 May 2004, Duncan Sands wrote: > > > No, but the pointer for another (previous) interface may just have been > > set to NULL, causing an Oops when usb_ifnum_to_if loops over all > > interfaces. > > Of course! I trust you won't mind me changing your suggested fix > slightly. This should do an equally good job of repairing things, and it > will prevent other possible invalid references as well. OK, I've now tested the patch ant it appears to work, I removed the USB modem several times and not a single Oops to report. Great work, thanks ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: PATCH: (as279) Don't delete interfaces until all are unbound 2004-05-15 15:50 ` Nuno Ferreira @ 2004-05-15 16:43 ` Duncan Sands 0 siblings, 0 replies; 17+ messages in thread From: Duncan Sands @ 2004-05-15 16:43 UTC (permalink / raw) To: Nuno Ferreira, Alan Stern Cc: Greg KH, Kernel development list, linux-usb-devel > OK, I've now tested the patch ant it appears to work, I removed the USB > modem several times and not a single Oops to report. Thanks for testing. The fix is in Linus's tree, so the next kernel release will have it. All the best, Duncan. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: 2.6.6 Oops disconnecting speedtouch usb modem 2004-05-11 11:26 2.6.6 Oops disconnecting speedtouch usb modem Nuno Ferreira 2004-05-11 11:40 ` Duncan Sands @ 2004-05-11 11:42 ` Grzegorz Kulewski 1 sibling, 0 replies; 17+ messages in thread From: Grzegorz Kulewski @ 2004-05-11 11:42 UTC (permalink / raw) To: Nuno Ferreira; +Cc: linux-kernel That seems to be the same problem as mine posted a while ago. It was reported against some 2.6.6-rc and was titled something like "3 usb regressions that should be fixed before 2.6.6". But unfortunatelly they were not. But the fixes probably exists in bk repositories and are waiting for inclusion into mainline (I strongly hope). As a workaround you probably should try to apply usb-bk.patch from 2.6.6-mm? kernel or use the bitkeeper to download and apply the right patch (I do not use bk so ask somebody else how to do it). Grzegorz Kulewski On Tue, 11 May 2004, Nuno Ferreira wrote: > After upgrading from 2.6.5 to 2.6.6 I got this error while disconnecting > my Speedtouch USB ADSL modem. > > May 10 23:31:57 taz kernel: usb 1-1: USB disconnect, address 2 > May 10 23:31:57 taz kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000004 > May 10 23:31:57 taz kernel: printing eip: > May 10 23:31:57 taz kernel: c02315d4 > May 10 23:31:57 taz kernel: *pde = 00000000 > May 10 23:31:57 taz kernel: Oops: 0000 [#1] > May 10 23:31:57 taz kernel: CPU: 0 > May 10 23:31:57 taz kernel: EIP: 0060:[destroy_async+84/128] Not tainted > May 10 23:31:57 taz kernel: EFLAGS: 00010013 (2.6.6) > May 10 23:31:57 taz kernel: EIP is at destroy_async+0x54/0x80 > May 10 23:31:57 taz kernel: eax: dcd656ac ebx: 00000286 ecx: 00000000 edx: dcd65690 > May 10 23:31:57 taz kernel: esi: dcd656ac edi: dcd65690 ebp: dd39e424 esp: ddd75ea0 > May 10 23:31:57 taz kernel: ds: 007b es: 007b ss: 0068 > May 10 23:31:57 taz kernel: Process khubd (pid: 5, threadinfo=ddd75000 task=ddfa6030) > May 10 23:31:57 taz kernel: Stack: c022e368 ddd13294 c0330ba0 dd39e400 c02316c9 dcd65690 dcd656ac c022873a > May 10 23:31:57 taz kernel: ddd13294 ddd13294 dd15f648 ddd132a4 c0330bc0 c01f6a94 ddd132a4 ddd132cc > May 10 23:31:57 taz kernel: ddd132a4 dd39e4cc c01f6bc5 ddd132a4 ddd132fc ddd132a4 dd39e4cc c01f5b2d > May 10 23:31:57 taz kernel: Call Trace: > May 10 23:31:57 taz kernel: [usb_disable_interface+56/80] usb_disable_interface+0x38/0x50 > May 10 23:31:57 taz kernel: [driver_disconnect+57/64] driver_disconnect+0x39/0x40 > May 10 23:31:57 taz kernel: [usb_unbind_interface+122/128] usb_unbind_interface+0x7a/0x80 > May 10 23:31:57 taz kernel: [device_release_driver+100/112] device_release_driver+0x64/0x70 > May 10 23:31:57 taz kernel: [bus_remove_device+85/160] bus_remove_device+0x55/0xa0 > May 10 23:31:57 taz kernel: [device_del+93/160] device_del+0x5d/0xa0 > May 10 23:31:57 taz kernel: [device_unregister+19/48] device_unregister+0x13/0x30 > May 10 23:31:57 taz kernel: [usb_disable_device+111/176] usb_disable_device+0x6f/0xb0 > May 10 23:31:57 taz kernel: [usb_disconnect+150/240] usb_disconnect+0x96/0xf0 > May 10 23:31:57 taz kernel: [hub_port_connect_change+625/640] hub_port_connect_change+0x271/0x280 > May 10 23:31:57 taz kernel: [hub_port_status+67/176] hub_port_status+0x43/0xb0 > May 10 23:31:57 taz kernel: [hub_events+672/768] hub_events+0x2a0/0x300 > May 10 23:31:57 taz kernel: [hub_thread+45/240] hub_thread+0x2d/0xf0 > May 10 23:31:57 taz kernel: [default_wake_function+0/32] default_wake_function+0x0/0x20 > May 10 23:31:57 taz kernel: [hub_thread+0/240] hub_thread+0x0/0xf0 > May 10 23:31:57 taz kernel: [kernel_thread_helper+5/20] kernel_thread_helper+0x5/0x14 > May 10 23:31:57 taz kernel: > May 10 23:31:57 taz kernel: Code: 8b 51 04 8b 01 89 50 04 89 02 89 49 04 89 09 53 9d 8b 41 20 > > I also had another problem before that one, modem_run complained that it > couldn't read interrupts and exited. The connections stayed up, though. > > May 10 23:22:31 taz modem_run[1364]: [monitoring report] ADSL link went > up > May 10 23:22:50 taz modem_run[874]: ADSL synchronization has been obtained > May 10 23:22:50 taz modem_run[874]: ADSL line is up (512 kbit/s down | 128 kbit/s up) > May 10 23:22:50 taz modem_run[1364]: Error reading interrupts > May 10 23:22:50 taz modem_run[1364]: [monitoring report] ADSL link went down > May 10 23:22:51 taz modem_run[1364]: Device disconnected, shutting down > > Neither of these problems happen with the same setup running 2.6.5. I'll > try to find more find more information about this second problem when I > get home. > > Anyone else having problems with the speedtouch usb on 2.6.6? > -- > Nuno Ferreira > > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2004-05-15 16:43 UTC | newest] Thread overview: 17+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2004-05-11 11:26 2.6.6 Oops disconnecting speedtouch usb modem Nuno Ferreira 2004-05-11 11:40 ` Duncan Sands 2004-05-11 14:56 ` Nuno Ferreira 2004-05-12 2:25 ` Nuno Ferreira 2004-05-12 15:02 ` Duncan Sands 2004-05-13 9:04 ` Duncan Sands 2004-05-13 15:56 ` Alan Stern 2004-05-13 16:45 ` Duncan Sands 2004-05-13 17:56 ` PATCH: (as279) Don't delete interfaces until all are unbound Alan Stern 2004-05-13 19:50 ` Duncan Sands 2004-05-13 21:03 ` Alan Stern 2004-05-13 21:23 ` Duncan Sands 2004-05-13 22:40 ` Greg KH 2004-05-14 10:24 ` Nuno Ferreira 2004-05-15 15:50 ` Nuno Ferreira 2004-05-15 16:43 ` Duncan Sands 2004-05-11 11:42 ` 2.6.6 Oops disconnecting speedtouch usb modem Grzegorz Kulewski
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox