From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753584AbaBMJDL (ORCPT ); Thu, 13 Feb 2014 04:03:11 -0500 Received: from smtp-4.sys.kth.se ([130.237.48.193]:56187 "EHLO smtp-4.sys.kth.se" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753283AbaBMJDE (ORCPT ); Thu, 13 Feb 2014 04:03:04 -0500 X-Greylist: delayed 496 seconds by postgrey-1.27 at vger.kernel.org; Thu, 13 Feb 2014 04:03:04 EST X-KTH-Auth: tommie [89.100.2.51] X-KTH-mail-from: tommie@gannert.se Message-ID: <52FC87B6.4070001@gannert.se> Date: Thu, 13 Feb 2014 08:52:06 +0000 From: Tommie Gannert User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Samuel Ortiz CC: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] irtty-sir.c: Do not set_termios() on irtty_close() Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tommie Gannert Issuing set_termios() from irtty_close() causes kernel Oops for unplugged usb-serial devices. Since no other tty_ldisc calls set_termios() on close and no tty driver seem to check if tty->device_data is NULL or not on entry to set_termios(), the only solution I can come up with is to remove the irtty_stop_receiver() call, which only updates termios. Signed-off-by: Tommie Gannert --- I know very little of this code, and I'm not sure this is a good solution, so here's some background: I have a gadget using IrLAP over RS-232, and it's connected to a USB-RS232 converter. I have udev rules to start/stop irattach on USB connect/disconnect, but I see an oops if I simply disconnect the device while irattach is still running: Crash log: [ 631.791294] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024 [ 631.791390] IP: [] ftdi_set_termios+0x42/0x670 [ftdi_sio] ... [ 631.793963] [] serial_set_termios+0x43/0x90 [usbserial] [ 631.794031] [] irtty_close+0x10c/0x190 [irtty_sir] [ 631.794096] [] tty_ldisc_close.isra.1+0x38/0x50 [ 631.794157] [] tty_ldisc_kill+0x18/0x90 [ 631.794209] [] tty_ldisc_release+0x34/0x90 [ 631.794266] [] tty_release+0x470/0x600 There is a comment in irtty_close() speculating about potential problems with usb-serial. I'm not sure if that comment belongs to sirdev_put_instance() or the irtty_stop_receiver() call. I would guess both, so I let it be. The effect of this is that /dev/ttyUSB* is still in use, and thus leaking at least dev nodes. This is a minimal patch that solves that oops. --- linux-3.12/drivers/net/irda/irtty-sir.c.orig 2014-02-12 21:36:46.132496089 +0000 +++ linux-3.12/drivers/net/irda/irtty-sir.c 2014-02-12 21:57:21.635843884 +0000 @@ -521,7 +521,6 @@ static void irtty_close(struct tty_struc sirdev_put_instance(priv->dev); /* Stop tty */ - irtty_stop_receiver(tty, TRUE); clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); if (tty->ops->stop) tty->ops->stop(tty);