2009-06-16 07:42:49

by Vitaly Mayatskih

[permalink] [raw]
Subject: [PATCH] Fix OOPS in pl2303

Kernel always OOPS in pl2303_close(), when serial converter disappears
and pppd tries to close statistics files in sysfs, because priv
structure was already freed in pl2302_shutdown().

This patch adds check for priv in pl2303_close().

Signed-off-by: Vitaly Mayatskikh <[email protected]>

diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c
index e02dc3d..945cfb0 100644
--- a/drivers/usb/serial/pl2303.c
+++ b/drivers/usb/serial/pl2303.c
@@ -674,19 +674,19 @@ static void pl2303_close(struct usb_serial_port *port)
struct pl2303_private *priv = usb_get_serial_port_data(port);
unsigned long flags;

- dbg("%s - port %d", __func__, port->number);
-
- spin_lock_irqsave(&priv->lock, flags);
- /* clear out any remaining data in the buffer */
- pl2303_buf_clear(priv->buf);
- spin_unlock_irqrestore(&priv->lock, flags);
+ if (priv) {
+ dbg("%s - port %d", __func__, port->number);

+ spin_lock_irqsave(&priv->lock, flags);
+ /* clear out any remaining data in the buffer */
+ pl2303_buf_clear(priv->buf);
+ spin_unlock_irqrestore(&priv->lock, flags);
+ }
/* shutdown our urbs */
dbg("%s - shutting down urbs", __func__);
usb_kill_urb(port->write_urb);
usb_kill_urb(port->read_urb);
usb_kill_urb(port->interrupt_in_urb);
-
}

static int pl2303_open(struct tty_struct *tty,

--
wbr, Vitaly


2009-06-16 18:31:43

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH] Fix OOPS in pl2303

On Tue, Jun 16, 2009 at 09:42:12AM +0200, Vitaly Mayatskikh wrote:
> Kernel always OOPS in pl2303_close(), when serial converter disappears
> and pppd tries to close statistics files in sysfs, because priv
> structure was already freed in pl2302_shutdown().
>
> This patch adds check for priv in pl2303_close().
>
> Signed-off-by: Vitaly Mayatskikh <[email protected]>

What kernel version are you seeing this problem on? And what version is
this patch for?

thanks,

greg k-h

2009-06-17 01:36:42

by Vitaly Mayatskih

[permalink] [raw]
Subject: Re: [PATCH] Fix OOPS in pl2303

At Tue, 16 Jun 2009 11:26:04 -0700, Greg KH wrote:

> What kernel version are you seeing this problem on? And what version is
> this patch for?

I've seen it on 2.6.29.4-167.fc11.x86_64, patch is for git with head
at 03347e2592078a90df818670fddf97a33eec70fb.

Trace log:

Jun 15 16:33:49 localhost kernel: hub 4-0:1.0: port 1 disabled by hub (EMI?), re-enabling...
Jun 15 16:33:49 localhost kernel: usb 4-1: USB disconnect, address 2
Jun 15 16:33:49 localhost pppd[2123]: Modem hangup
Jun 15 16:33:49 localhost pppd[2123]: Connect time 9.9 minutes.
Jun 15 16:33:49 localhost pppd[2123]: Sent 152530 bytes, received 326864 bytes.
Jun 15 16:33:49 localhost kernel: pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0
Jun 15 16:33:49 localhost kernel: pl2303 4-1:1.0: device disconnected
Jun 15 16:33:49 localhost pppd[2123]: Connection terminated.
Jun 15 16:33:49 localhost kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
Jun 15 16:33:49 localhost kernel: IP: [<ffffffff8102a039>] __ticket_spin_lock+0x9/0x1a
Jun 15 16:33:49 localhost kernel: PGD 0
Jun 15 16:33:49 localhost kernel: Oops: 0002 [#1] SMP
Jun 15 16:33:49 localhost kernel: last sysfs file: /sys/devices/virtual/net/ppp0/statistics/tx_bytes
Jun 15 16:33:49 localhost kernel: CPU 1
Jun 15 16:33:49 localhost kernel: Modules linked in: ppp_deflate zlib_deflate ppp_async crc_ccitt ppp_generic slhc pl2303 usbserial ipt_MASQUERADE iptable_nat nf_nat bridge stp llc sunrpc ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath kvm_intel kvm snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device arc4 snd_pcm_oss ecb snd_mixer_oss snd_pcm thinkpad_acpi firewire_ohci sdhci_pci iwl3945 snd_timer hwmon firewire_core sdhci yenta_socket mmc_core pcspkr mac80211 ricoh_mmc snd crc_itu_t rsrc_nonstatic e1000e i2c_i801 joydev lib80211 iTCO_wdt wmi soundcore iTCO_vendor_support cfg80211 snd_page_alloc i915 drm i2c_algo_bit i2c_core video output [last unloaded: microcode]
Jun 15 16:33:49 localhost kernel: Pid: 2123, comm: pppd Not tainted 2.6.29.4-167.fc11.x86_64 #1 6464CTO
Jun 15 16:33:49 localhost kernel: RIP: 0010:[<ffffffff8102a039>] [<ffffffff8102a039>] __ticket_spin_lock+0x9/0x1a
Jun 15 16:33:49 localhost kernel: RSP: 0018:ffff8801228a5cb8 EFLAGS: 00010046
Jun 15 16:33:49 localhost kernel: RAX: 0000000000000100 RBX: 0000000000000000 RCX: 0000000000000000
Jun 15 16:33:49 localhost kernel: RDX: ffff88012a988600 RSI: 0000000000000246 RDI: 0000000000000000
Jun 15 16:33:49 localhost kernel: RBP: ffff8801228a5cb8 R08: 0000000000000000 R09: 0000000000000008
Jun 15 16:33:49 localhost kernel: R10: 00007fffbec64070 R11: 0000000000000246 R12: 0000000000000246
Jun 15 16:33:49 localhost kernel: R13: ffff880139898800 R14: ffff88012a9ea480 R15: 0000000000007530
Jun 15 16:33:49 localhost kernel: FS: 00007faab6c026f0(0000) GS:ffff88013acf5280(0000) knlGS:0000000000000000
Jun 15 16:33:49 localhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 15 16:33:49 localhost kernel: CR2: 0000000000000000 CR3: 00000001228c5000 CR4: 00000000000026e0
Jun 15 16:33:49 localhost kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 15 16:33:49 localhost kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 15 16:33:49 localhost kernel: Process pppd (pid: 2123, threadinfo ffff8801228a4000, task ffff880122838000)
Jun 15 16:33:49 localhost kernel: Stack:
Jun 15 16:33:49 localhost kernel: ffff8801228a5cc8 ffffffff8102a103 ffff8801228a5ce8 ffffffff813abd6c
Jun 15 16:33:49 localhost kernel: 0000000000000000 ffff88013241c000 ffff8801228a5d68 ffffffffa02795e2
Jun 15 16:33:49 localhost kernel: ffff8801228a5da8 ffffffff811826c5 ffff8801228a5d28 ffffffff813abc50
Jun 15 16:33:49 localhost kernel: Call Trace:
Jun 15 16:33:49 localhost kernel: [<ffffffff8102a103>] default_spin_lock_flags+0x9/0xe
Jun 15 16:33:49 localhost kernel: [<ffffffff813abd6c>] _spin_lock_irqsave+0x32/0x3b
Jun 15 16:33:49 localhost kernel: [<ffffffffa02795e2>] pl2303_close+0x5d/0x205 [pl2303]
Jun 15 16:33:49 localhost kernel: [<ffffffff811826c5>] ? avc_has_perm_noaudit+0x262/0x3f8
Jun 15 16:33:49 localhost kernel: [<ffffffff813abc50>] ? _write_lock_irq+0x1e/0x32
Jun 15 16:33:49 localhost kernel: [<ffffffffa0333ccf>] serial_close+0x9d/0x156 [usbserial]
Jun 15 16:33:49 localhost kernel: [<ffffffff8122c2a6>] tty_release_dev+0x198/0x49a
Jun 15 16:33:49 localhost kernel: [<ffffffff811842bd>] ? inode_has_perm+0x64/0x66
Jun 15 16:33:49 localhost kernel: [<ffffffff81103077>] ? locks_free_lock+0x4f/0x53
Jun 15 16:33:49 localhost kernel: [<ffffffff8122c5c6>] tty_release+0x1e/0x29
Jun 15 16:33:49 localhost kernel: [<ffffffff810d61c4>] __fput+0xf9/0x1a0
Jun 15 16:33:49 localhost kernel: [<ffffffff810d6285>] fput+0x1a/0x1c
Jun 15 16:33:49 localhost kernel: [<ffffffff810d35c5>] filp_close+0x68/0x72
Jun 15 16:33:49 localhost kernel: [<ffffffff810d367b>] sys_close+0xac/0xea
Jun 15 16:33:49 localhost kernel: [<ffffffff8101133a>] system_call_fastpath+0x16/0x1b
Jun 15 16:33:49 localhost kernel: Code: 9e 02 81 44 89 c6 48 89 c7 e8 0a fb ff ff eb 0f 0f b7 f6 40 0f b6 ff 48 89 c2 e8 1c fb ff ff c9 c3 90 55 b8 00 01 00 00 48 89 e5 <f0> 66 0f c1 07 38 e0 74 06 f3 90 8a 07 eb f6 c9 c3 55 48 89 e5
Jun 15 16:33:49 localhost kernel: RIP [<ffffffff8102a039>] __ticket_spin_lock+0x9/0x1a
Jun 15 16:33:49 localhost kernel: RSP <ffff8801228a5cb8>
Jun 15 16:33:49 localhost kernel: CR2: 0000000000000000
Jun 15 16:33:49 localhost kernel: ---[ end trace 53ccdfc91f7d0819 ]---
Jun 15 16:33:49 localhost kernel: usb 4-1: new full speed USB device using uhci_hcd and address 3
Jun 15 16:33:49 localhost kernel: usb 4-1: New USB device found, idVendor=067b, idProduct=2303
Jun 15 16:33:49 localhost kernel: usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jun 15 16:33:49 localhost kernel: usb 4-1: Product: USB-Serial Controller
Jun 15 16:33:49 localhost kernel: usb 4-1: Manufacturer: Prolific Technology Inc.
Jun 15 16:33:49 localhost kernel: usb 4-1: configuration #1 chosen from 1 choice
Jun 15 16:33:49 localhost kernel: pl2303 4-1:1.0: pl2303 converter detected
Jun 15 16:33:49 localhost kernel: usb 4-1: pl2303 converter now attached to ttyUSB1

--
wbr, Vitaly

2009-06-17 14:17:54

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH] Fix OOPS in pl2303

On Wed, Jun 17, 2009 at 03:36:18AM +0200, Vitaly Mayatskikh wrote:
> At Tue, 16 Jun 2009 11:26:04 -0700, Greg KH wrote:
>
> > What kernel version are you seeing this problem on? And what version is
> > this patch for?
>
> I've seen it on 2.6.29.4-167.fc11.x86_64, patch is for git with head
> at 03347e2592078a90df818670fddf97a33eec70fb.

This should be resolved in Linus's tree now, can you try 2.6.31-rc1 when
it comes out and let me know if your patch is still needed or not?

thanks,

greg k-h

2009-06-18 05:18:48

by Vitaly Mayatskih

[permalink] [raw]
Subject: Re: [PATCH] Fix OOPS in pl2303

At Wed, 17 Jun 2009 06:41:01 -0700, Greg KH wrote:

> This should be resolved in Linus's tree now, can you try 2.6.31-rc1 when
> it comes out and let me know if your patch is still needed or not?

Issue solved, thanks.
--
wbr, Vitaly