Date: Sat, 3 Nov 2007 11:03:01 +0100
From: Borislav Petkov
To: Greg KH
Cc: linux-kernel@vger.kernel.org, Andrew Morton, lucy@keyspan.com
Subject: [PATCH] keyspan: init termios properly
Message-ID: <20071103100301.GA5615@gollum.tnic>
Reply-To: bbpetkov@yahoo.de

Hi Greg,

I get the following backtrace when booting the kernel with "console=ttyUSB0 console=tty0" while using a Keyspan USA-19HS usb-to-serial converter connected to a desktop machine:

[ 43.782384] usbcore: registered new interface driver usbserial
[ 43.782444] drivers/usb/serial/usb-serial.c: USB Serial Driver core
[ 43.782543] drivers/usb/serial/usb-serial.c: USB Serial support registered for Keyspan - (without firmware)
[ 43.782652] drivers/usb/serial/usb-serial.c: USB Serial support registered for Keyspan 1 port adapter
[ 43.782759] drivers/usb/serial/usb-serial.c: USB Serial support registered for Keyspan 2 port adapter
[ 43.782866] drivers/usb/serial/usb-serial.c: USB Serial support registered for Keyspan 4 port adapter
[ 43.782980] usbcore: registered new interface driver keyspan
[ 43.783040] drivers/usb/serial/keyspan.c: v1.1.5:Keyspan USB to Serial Converter Driver
...
[ 124.816533] usb 3-1: new full speed USB device using uhci_hcd and address 2
[ 125.135811] usb 3-1: configuration #1 chosen from 2 choices
[ 125.140709] keyspan 3-1:1.0: Keyspan 1 port adapter converter detected
[ 125.141110] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 125.142446] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000084
[ 125.142597] printing eip: c02654ca *pde = 00000000
[ 125.142764] BUG: using smp_processor_id() in preemptible [00000001] code: khubd/142
[ 125.142861] caller is die+0x59/0x1eb
[ 125.142930] [] show_trace_log_lvl+0x1a/0x2f
[ 125.143054] [] show_trace+0x12/0x14
[ 125.143173] [] dump_stack+0x16/0x18
[ 125.143293] [] debug_smp_processor_id+0xa3/0xb8
[ 125.143429] [] die+0x59/0x1eb
[ 125.143546] [] do_page_fault+0x42c/0x505
[ 125.143680] [] error_code+0x72/0x78
[ 125.143802] [] usb_console_setup+0x182/0x282
[ 125.143925] [] register_console+0xe9/0x21c
[ 125.144048] [] usb_serial_console_init+0x31/0x33
[ 125.144171] [] usb_serial_probe+0xe3c/0xf55
[ 125.144293] [] usb_probe_interface+0xb6/0xe7
[ 125.144424] [] driver_probe_device+0xcb/0x14f
[ 125.144548] [] __device_attach+0x8/0xa
[ 125.144678] [] bus_for_each_drv+0x3b/0x63
[ 125.144799] [] device_attach+0x70/0x85
[ 125.144919] [] bus_attach_device+0x29/0x77
[ 125.145040] [] device_add+0x302/0x514
[ 125.145160] [] usb_set_configuration+0x418/0x46d
[ 125.145283] [] generic_probe+0x53/0x94
[ 125.145403] [] usb_probe_device+0x38/0x3e
[ 125.145523] [] driver_probe_device+0xcb/0x14f
[ 125.145656] [] __device_attach+0x8/0xa
[ 125.145776] [] bus_for_each_drv+0x3b/0x63
[ 125.146675] [] device_attach+0x70/0x85
[ 125.146795] [] bus_attach_device+0x29/0x77
[ 125.146916] [] device_add+0x302/0x514
[ 125.147036] [] usb_new_device+0x44/0x82
[ 125.147160] [] hub_thread+0x65a/0xa13
[ 125.147280] [] kthread+0x3b/0x64
[ 125.147400] [] kernel_thread_helper+0x7/0x10
[ 125.147521] =======================
[ 125.147600] Oops: 0000 [#1] PREEMPT SMP
[ 125.147805] Modules linked in: usbhid video output tg3 intel_agp uhci_hcd psmouse agpgart rtc evdev
[ 125.148403]
[ 125.148466] Pid: 142, comm: khubd Not tainted (2.6.24-rc1-521-g54866f0 #16)
[ 125.148546] BUG: using smp_processor_id() in preemptible [00000001] code: khubd/142
[ 125.148646] caller is __show_registers+0xad/0x1d8
[ 125.148717] [] show_trace_log_lvl+0x1a/0x2f
[ 125.148839] [] show_trace+0x12/0x14
[ 125.148958] [] dump_stack+0x16/0x18
[ 125.149077] [] debug_smp_processor_id+0xa3/0xb8
[ 125.149201] [] __show_registers+0xad/0x1d8
[ 125.149321] [] show_registers+0x19/0x1d9
[ 125.149440] [] die+0x11f/0x1eb
[ 125.149557] [] do_page_fault+0x42c/0x505
[ 125.149688] [] error_code+0x72/0x78
[ 125.149808] [] usb_console_setup+0x182/0x282
[ 125.149930] [] register_console+0xe9/0x21c
[ 125.150051] [] usb_serial_console_init+0x31/0x33
[ 125.150175] [] usb_serial_probe+0xe3c/0xf55
[ 125.150296] [] usb_probe_interface+0xb6/0xe7
[ 125.150416] [] driver_probe_device+0xcb/0x14f
[ 125.150538] [] __device_attach+0x8/0xa
[ 125.150669] [] bus_for_each_drv+0x3b/0x63
[ 125.150792] [] device_attach+0x70/0x85
[ 125.150913] [] bus_attach_device+0x29/0x77
[ 125.151036] [] device_add+0x302/0x514
[ 125.151156] [] usb_set_configuration+0x418/0x46d
[ 125.151281] [] generic_probe+0x53/0x94
[ 125.151402] [] usb_probe_device+0x38/0x3e
[ 125.151523] [] driver_probe_device+0xcb/0x14f
[ 125.151658] [] __device_attach+0x8/0xa
[ 125.151780] [] bus_for_each_drv+0x3b/0x63
[ 125.151902] [] device_attach+0x70/0x85
[ 125.152023] [] bus_attach_device+0x29/0x77
[ 125.152146] [] device_add+0x302/0x514
[ 125.152266] [] usb_new_device+0x44/0x82
[ 125.152388] [] hub_thread+0x65a/0xa13
[ 125.152508] [] kthread+0x3b/0x64
[ 125.152633] [] kernel_thread_helper+0x7/0x10
[ 125.152754] =======================
[ 125.152822] EIP: 0060:[] EFLAGS: 00010246 CPU: 0
[ 125.152901] EIP is at keyspan_open+0x11c/0x19d
[ 125.152971] EAX: 00000000 EBX: c19e7c00 ECX: c19e7c00 EDX: c19e7c00
[ 125.153047] ESI: c1bd3e00 EDI: 00000002 EBP: c1886b54 ESP: c1886b1c
[ 125.153123] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 125.153197] Process khubd (pid: 142, ti=c1886000 task=c1843080 task.ti=c1886000)
[ 125.153274] Stack: 00000246 22222222 22222222 22222222 22222222 c03eeb40 c19e7c00 0000006e
[ 125.153775] c1aeab40 c030fcec c02f72b5 c19e7c00 0000006e c03eed18 c1886bb0 c0262a50
[ 125.154264] c02316d6 c1886b68 c0232e33 c1aeab40 c1886b78 c01dd877 00000cbd c1886b80
[ 125.154762] Call Trace:
[ 125.154875] [] show_trace_log_lvl+0x1a/0x2f
[ 125.154995] [] show_stack_log_lvl+0x9b/0xa3
[ 125.155115] [] show_registers+0xa4/0x1d9
[ 125.155235] [] die+0x11f/0x1eb
[ 125.155352] [] do_page_fault+0x42c/0x505
[ 125.155472] [] error_code+0x72/0x78
[ 125.155654] [] usb_console_setup+0x182/0x282
[ 125.155774] [] register_console+0xe9/0x21c
[ 125.155893] [] usb_serial_console_init+0x31/0x33
[ 125.156013] [] usb_serial_probe+0xe3c/0xf55
[ 125.156131] [] usb_probe_interface+0xb6/0xe7
[ 125.156251] [] driver_probe_device+0xcb/0x14f
[ 125.156370] [] __device_attach+0x8/0xa
[ 125.156488] [] bus_for_each_drv+0x3b/0x63
[ 125.156616] [] device_attach+0x70/0x85
[ 125.156734] [] bus_attach_device+0x29/0x77
[ 125.156852] [] device_add+0x302/0x514
[ 125.156969] [] usb_set_configuration+0x418/0x46d
[ 125.157089] [] generic_probe+0x53/0x94
[ 125.157207] [] usb_probe_device+0x38/0x3e
[ 125.157325] [] driver_probe_device+0xcb/0x14f
[ 125.157445] [] __device_attach+0x8/0xa
[ 125.157562] [] bus_for_each_drv+0x3b/0x63
[ 125.157689] [] device_attach+0x70/0x85
[ 125.157806] [] bus_attach_device+0x29/0x77
[ 125.157925] [] device_add+0x302/0x514
[ 125.158041] [] usb_new_device+0x44/0x82
[ 125.158160] [] hub_thread+0x65a/0xa13
[ 125.158277] [] kthread+0x3b/0x64
[ 125.158393] [] kernel_thread_helper+0x7/0x10
[ 125.158512] =======================
[ 125.158577] Code: 74 08 8b 4d e8 8b 01 89 42 28 8b 96 98 00 00 00 85 d2 74 08 8b 5d e8 8b 03 89 42 28 8b 55 e0 8b 4d e0 8b 5d e0 8b 42 04 8a 49 48 <8b> 90 84 00 00 00 8b 7a 08 88 4d f3 8b 13 8a 52 0c 88 55 e7 e8
[ 50.035324] EIP: [] keyspan_open+0x11c/0x19d SS:ESP 0068:c1886b1c

and this happens, imho, because in usb_console_setup(), port->tty is set to NULL prior to calling serial->type->open() which is keyspan_open() in this case. In keyspan_open(), otoh, some premature terminal config is done for the purposes of the setup message by deref'ing, among others, port->tty->termios->c_flag, which, as we saw before :) is NULL and BAM!

The patch below is against current git (v2.6.24-rc1-573-g74521c2).

---
From: Borislav Petkov

Remove redundant code leading to NULL ptr deref and let terminal config settings take place in the proper initialization path in usb_console_setup().

Signed-off-by: Borislav Petkov
--
drivers/usb/serial/keyspan.c | 38 ++++++--------------------------------
1 files changed, 6 insertions(+), 32 deletions(-)

diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c index 6bfdba6..1f7ab15 100644 --- a/drivers/usb/serial/keyspan.c +++ b/drivers/usb/serial/keyspan.c @@ -1215,20 +1215,18 @@ static int keyspan_chars_in_buffer (struct usb_serial_port *port) static int keyspan_open (struct usb_serial_port *port, struct file *filp) { - struct keyspan_port_private *p_priv; - struct keyspan_serial_private *s_priv; - struct usb_serial *serial = port->serial; + struct keyspan_port_private *p_priv; + struct keyspan_serial_private *s_priv; + struct usb_serial *serial = port->serial; const struct keyspan_device_details *d_details; int i, err; - int baud_rate, device_port; struct urb *urb; - unsigned int cflag; s_priv = usb_get_serial_data(serial); p_priv = usb_get_serial_port_data(port); d_details = p_priv->device_details; - - dbg("%s - port%d.", __FUNCTION__, port->number); + + dbg("%s - port%d.", __FUNCTION__, port->number); /* Set some sane defaults */ p_priv->rts_state = 1; 
@@ -1249,7 +1247,7 @@ static int keyspan_open (struct usb_serial_port *port, struct file *filp) urb->dev = serial->dev; /* make sure endpoint data toggle is synchronized with the device */ - + usb_clear_halt(urb->dev, urb->pipe); if ((err = usb_submit_urb(urb, GFP_KERNEL)) != 0) { @@ -1265,30 +1263,6 @@ static int keyspan_open (struct usb_serial_port *port, struct file *filp) /* usb_settoggle(urb->dev, usb_pipeendpoint(urb->pipe), usb_pipeout(urb->pipe), 0); */ } - /* get the terminal config for the setup message now so we don't - * need to send 2 of them */ - - cflag = port->tty->termios->c_cflag; - device_port = port->number - port->serial->minor; - - /* Baud rate calculation takes baud rate as an integer - so other rates can be generated if desired. */ - baud_rate = tty_get_baud_rate(port->tty); - /* If no match or invalid, leave as default */ - if (baud_rate >= 0 - && d_details->calculate_baud_rate(baud_rate, d_details->baudclk, - NULL, NULL, NULL, device_port) == KEYSPAN_BAUD_RATE_OK) { - p_priv->baud = baud_rate; - } - - /* set CTS/RTS handshake etc. */ - p_priv->cflag = cflag; - p_priv->flow_control = (cflag & CRTSCTS)? flow_cts: flow_none; - - keyspan_send_setup(port, 1); - //mdelay(100); - //keyspan_set_termios(port, NULL); - return (0); }
--
Regards/Gruß,
Boris.
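
Review bot: In the first hunk (@@ -1215,20 +1215,18 @@) the removed and re-added declarations of p_priv, s_priv and serial, and the removed and re-added dbg() line, differ only in whitespace and have nothing to do with the NULL dereference. Please drop them or send them as a separate cleanup, so that this hunk carries only the removal of "int baud_rate, device_port;" and "unsigned int cflag;".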
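
Review bot: Drop the second hunk (@@ -1249,7 +1247,7 @@) from this patch: its only changed line is the empty line before usb_clear_halt(urb->dev, urb->pipe), a whitespace edit unrelated to the fix that makes the change harder to review and to backport.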
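
Review bot: Deleting the whole block at the end of keyspan_open() (third hunk, @@ -1265,30 +1263,6 @@) also removes keyspan_send_setup(port, 1) and the assignments to p_priv->baud, p_priv->cflag and p_priv->flow_control for an ordinary open, where port->tty is valid, not only for the console path that oopses. The commit message names usb_console_setup() as the place where terminal settings are applied, but it does not say what sends the first setup message or initializes those fields on a normal open. Please state that in the changelog; if nothing does, keep the block, skip only the termios reads when port->tty is NULL (for example under "if (port->tty)"), and still call keyspan_send_setup(port, 1).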