respin of hso patches for linux-2.6.28-rc6 hso_close

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* respin of hso patches for linux-2.6.28-rc6 hso_close_fix.patch [patch 2/6 ]
@ 2008-11-24 14:42 Denis Joseph Barrow
       [not found] ` <492ABD5A.4000006-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Denis Joseph Barrow @ 2008-11-24 14:42 UTC (permalink / raw)
  To: Linux USB kernel mailing list, Linux netdev Mailing list

[-- Attachment #1: Type: text/plain, Size: 1746 bytes --]

Moved serial_open_count in hso_serial_open to
prevent crashes owing to the serial structure being made NULL
when hso_serial_close is called even though hso_serial_open
returned -ENODEV, Alan Cox pointed out this happens,
also put in sanity check in hso_serial_close
to check for a valid serial structure which should prevent
the most reproducable crash in the driver when the hso device
is disconnected while in use.
Signed-off-by: Denis Joseph Barrow <D.Barow-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
---
Index: linux-2.6.28-rc6.patches/drivers/net/usb/hso.c
===================================================================
--- linux-2.6.28-rc6.patches.orig/drivers/net/usb/hso.c	2008-11-24 14:01:45.000000000 +0100
+++ linux-2.6.28-rc6.patches/drivers/net/usb/hso.c	2008-11-24 14:10:15.000000000 +0100
@@ -1235,6 +1235,11 @@
 	}
 
 	mutex_lock(&serial->parent->mutex);
+	/* check for port already opened, if not set the termios */
+	/* The serial->open count needs to be here as hso_serial_close
+	 *  will be called even if hso_serial_open returns -ENODEV.
+	 */
+	serial->open_count++;
 	result = usb_autopm_get_interface(serial->parent->interface);
 	if (result < 0)
 		goto err_out;
@@ -1246,8 +1251,6 @@
 	tty->driver_data = serial;
 	serial->tty = tty;
 
-	/* check for port already opened, if not set the termios */
-	serial->open_count++;
 	if (serial->open_count == 1) {
 		tty->low_latency = 1;
 		serial->rx_state = RX_IDLE;
@@ -1285,6 +1288,10 @@
 	u8 usb_gone;
 
 	D1("Closing serial port");
+	if (serial == NULL || serial->magic != HSO_SERIAL_MAGIC) {
+		D1("invalid serial structure bailing out.\n");
+		return;
+	}
 
 	mutex_lock(&serial->parent->mutex);
 	usb_gone = serial->parent->usb_gone;

-- 
best regards,
D.J. Barrow

[-- Attachment #2: hso_close_fix.patch --]
[-- Type: text/x-diff, Size: 1715 bytes --]

Moved serial_open_count in hso_serial_open to
prevent crashes owing to the serial structure being made NULL
when hso_serial_close is called even though hso_serial_open
returned -ENODEV, Alan Cox pointed out this happens,
also put in sanity check in hso_serial_close
to check for a valid serial structure which should prevent
the most reproducable crash in the driver when the hso device
is disconnected while in use.
Signed-off-by: Denis Joseph Barrow <D.Barow-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
---
Index: linux-2.6.28-rc6.patches/drivers/net/usb/hso.c
===================================================================
--- linux-2.6.28-rc6.patches.orig/drivers/net/usb/hso.c	2008-11-24 14:01:45.000000000 +0100
+++ linux-2.6.28-rc6.patches/drivers/net/usb/hso.c	2008-11-24 14:10:15.000000000 +0100
@@ -1235,6 +1235,11 @@
 	}
 
 	mutex_lock(&serial->parent->mutex);
+	/* check for port already opened, if not set the termios */
+	/* The serial->open count needs to be here as hso_serial_close
+	 *  will be called even if hso_serial_open returns -ENODEV.
+	 */
+	serial->open_count++;
 	result = usb_autopm_get_interface(serial->parent->interface);
 	if (result < 0)
 		goto err_out;
@@ -1246,8 +1251,6 @@
 	tty->driver_data = serial;
 	serial->tty = tty;
 
-	/* check for port already opened, if not set the termios */
-	serial->open_count++;
 	if (serial->open_count == 1) {
 		tty->low_latency = 1;
 		serial->rx_state = RX_IDLE;
@@ -1285,6 +1288,10 @@
 	u8 usb_gone;
 
 	D1("Closing serial port");
+	if (serial == NULL || serial->magic != HSO_SERIAL_MAGIC) {
+		D1("invalid serial structure bailing out.\n");
+		return;
+	}
 
 	mutex_lock(&serial->parent->mutex);
 	usb_gone = serial->parent->usb_gone;

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <492ABD5A.4000006-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>]

* Re: respin of hso patches for linux-2.6.28-rc6 hso_close_fix.patch [patch 2/6 ]
       [not found] ` <492ABD5A.4000006-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
@ 2008-11-24 16:45   ` Marcel Holtmann
  2008-11-24 16:50     ` Alan Cox
  2008-11-25  8:29   ` David Miller
  1 sibling, 1 reply; 4+ messages in thread
From: Marcel Holtmann @ 2008-11-24 16:45 UTC (permalink / raw)
  To: Denis Joseph Barrow
  Cc: Linux USB kernel mailing list, Linux netdev Mailing list

Hi Denis,

> Moved serial_open_count in hso_serial_open to
> prevent crashes owing to the serial structure being made NULL
> when hso_serial_close is called even though hso_serial_open
> returned -ENODEV, Alan Cox pointed out this happens,
> also put in sanity check in hso_serial_close
> to check for a valid serial structure which should prevent
> the most reproducable crash in the driver when the hso device
> is disconnected while in use.
> Signed-off-by: Denis Joseph Barrow <D.Barow-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
> ---
> Index: linux-2.6.28-rc6.patches/drivers/net/usb/hso.c
> ===================================================================
> --- linux-2.6.28-rc6.patches.orig/drivers/net/usb/hso.c	2008-11-24  
> 14:01:45.000000000 +0100
> +++ linux-2.6.28-rc6.patches/drivers/net/usb/hso.c	2008-11-24  
> 14:10:15.000000000 +0100
> @@ -1235,6 +1235,11 @@
> 	}
>
> 	mutex_lock(&serial->parent->mutex);
> +	/* check for port already opened, if not set the termios */
> +	/* The serial->open count needs to be here as hso_serial_close
> +	 *  will be called even if hso_serial_open returns -ENODEV.
> +	 */
> +	serial->open_count++;
> 	result = usb_autopm_get_interface(serial->parent->interface);
> 	if (result < 0)
> 		goto err_out;
> @@ -1246,8 +1251,6 @@
> 	tty->driver_data = serial;
> 	serial->tty = tty;
>
> -	/* check for port already opened, if not set the termios */
> -	serial->open_count++;
> 	if (serial->open_count == 1) {
> 		tty->low_latency = 1;
> 		serial->rx_state = RX_IDLE;
> @@ -1285,6 +1288,10 @@
> 	u8 usb_gone;
>
> 	D1("Closing serial port");
> +	if (serial == NULL || serial->magic != HSO_SERIAL_MAGIC) {
> +		D1("invalid serial structure bailing out.\n");
> +		return;
> +	}

using !serial instead of serial == NULL would be better.

Regards

Marcel

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: respin of hso patches for linux-2.6.28-rc6 hso_close_fix.patch [patch 2/6 ]
  2008-11-24 16:45   ` Marcel Holtmann
@ 2008-11-24 16:50     ` Alan Cox
  0 siblings, 0 replies; 4+ messages in thread
From: Alan Cox @ 2008-11-24 16:50 UTC (permalink / raw)
  To: Marcel Holtmann
  Cc: Denis Joseph Barrow, Linux USB kernel mailing list,
	Linux netdev Mailing list

> > 	D1("Closing serial port");
> > +	if (serial == NULL || serial->magic != HSO_SERIAL_MAGIC) {
> > +		D1("invalid serial structure bailing out.\n");
> > +		return;
> > +	}
> 
> using !serial instead of serial == NULL would be better.

A lot of serial code uses == NULL and its just as clear IMHO.

A bigger concern would be the lack of refcounting. Really for 2.6.28 now
the refcount patches are in the direction should be refcounting the tty
objects at least.

I've got a pair of proposed patches I'll post for comment

Alan

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: respin of hso patches for linux-2.6.28-rc6 hso_close_fix.patch [patch 2/6 ]
       [not found] ` <492ABD5A.4000006-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
  2008-11-24 16:45   ` Marcel Holtmann
@ 2008-11-25  8:29   ` David Miller
  1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2008-11-25  8:29 UTC (permalink / raw)
  To: D.Barow-x9gZzRpC1QbQT0dZR+AlfA
  Cc: linux-usb-u79uwXL29TY76Z2rM5mHXA, netdev-u79uwXL29TY76Z2rM5mHXA

From: Denis Joseph Barrow <D.Barow-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
Date: Mon, 24 Nov 2008 15:42:34 +0100

> Moved serial_open_count in hso_serial_open to
> prevent crashes owing to the serial structure being made NULL
> when hso_serial_close is called even though hso_serial_open
> returned -ENODEV, Alan Cox pointed out this happens,
> also put in sanity check in hso_serial_close
> to check for a valid serial structure which should prevent
> the most reproducable crash in the driver when the hso device
> is disconnected while in use.
> Signed-off-by: Denis Joseph Barrow <D.Barow-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2008-11-25  8:29 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-11-24 14:42 respin of hso patches for linux-2.6.28-rc6 hso_close_fix.patch [patch 2/6 ] Denis Joseph Barrow
     [not found] ` <492ABD5A.4000006-x9gZzRpC1QbQT0dZR+AlfA@public.gmane.org>
2008-11-24 16:45   ` Marcel Holtmann
2008-11-24 16:50     ` Alan Cox
2008-11-25  8:29   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).