leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a1028f0abf
linux/drivers
History
Bjørn Mork a1028f0abf usb: usb_wwan: replace release and disconnect with a port_remove hook 
Doing port specific cleanup in the .port_remove hook is a
lot simpler and safer than doing it in the USB driver
.release or .disconnect methods. The removal of the port
from the usb-serial bus will happen before the USB driver
cleanup, so we must be careful about accessing port specific
driver data from any USB driver functions.

This problem surfaced after the commit

 0998d0631 device-core: Ensure drvdata = NULL when no driver is bound

which turned the previous unsafe access into a reliable NULL
pointer dereference.

Fixes the following Oops:

[  243.148471] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  243.148508] IP: [<ffffffffa0468527>] stop_read_write_urbs+0x37/0x80 [usb_wwan]
[  243.148556] PGD 79d60067 PUD 79d61067 PMD 0
[  243.148590] Oops: 0000 [#1] SMP
[  243.148617] Modules linked in: sr_mod cdrom qmi_wwan usbnet option cdc_wdm usb_wwan usbserial usb_storage uas fuse af_packet ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun edd
cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_pcm_oss snd_mixer_oss acpi_cpufreq snd_seq mperf snd_seq_device coretemp arc4 sg hp_wmi sparse_keymap uvcvideo videobuf2_core
videodev videobuf2_vmalloc videobuf2_memops rtl8192ce rtl8192c_common rtlwifi joydev pcspkr microcode mac80211 i2c_i801 lpc_ich r8169 snd_hda_codec_idt cfg80211 snd_hda_intel snd_hda_codec rfkill
snd_hwdep snd_pcm wmi snd_timer ac snd soundcore snd_page_alloc battery uhci_hcd i915 drm_kms_helper drm i2c_algo_bit ehci_hcd thermal usbcore video usb_common button processor thermal_sys
[  243.149007] CPU 1
[  243.149027] Pid: 135, comm: khubd Not tainted 3.5.0-rc7-next-20120720-1-vanilla #1 Hewlett-Packard HP Mini 110-3700                /1584
[  243.149072] RIP: 0010:[<ffffffffa0468527>]  [<ffffffffa0468527>] stop_read_write_urbs+0x37/0x80 [usb_wwan]
[  243.149118] RSP: 0018:ffff880037e75b30  EFLAGS: 00010286
[  243.149133] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88005912aa28
[  243.149150] RDX: ffff88005e95f028 RSI: 0000000000000000 RDI: ffff88005f7c1a10
[  243.149166] RBP: ffff880037e75b60 R08: 0000000000000000 R09: ffffffff812cea90
[  243.149182] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88006539b440
[  243.149198] R13: ffff88006539b440 R14: 0000000000000000 R15: 0000000000000000
[  243.149216] FS:  0000000000000000(0000) GS:ffff88007ee80000(0000) knlGS:0000000000000000
[  243.149233] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  243.149248] CR2: 0000000000000000 CR3: 0000000079fe0000 CR4: 00000000000007e0
[  243.149264] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  243.149280] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  243.149298] Process khubd (pid: 135, threadinfo ffff880037e74000, task ffff880037d40600)
[  243.149313] Stack:
[  243.149323]  ffff880037e75b40 ffff88006539b440 ffff8800799bc830 ffff88005f7c1800
[  243.149348]  0000000000000001 ffff88006539b448 ffff880037e75b70 ffffffffa04685e9
[  243.149371]  ffff880037e75bc0 ffffffffa0473765 ffff880037354988 ffff88007b594800
[  243.149395] Call Trace:
[  243.149419]  [<ffffffffa04685e9>] usb_wwan_disconnect+0x9/0x10 [usb_wwan]
[  243.149447]  [<ffffffffa0473765>] usb_serial_disconnect+0xd5/0x120 [usbserial]
[  243.149511]  [<ffffffffa0046b48>] usb_unbind_interface+0x58/0x1a0 [usbcore]
[  243.149545]  [<ffffffff8139ebd7>] __device_release_driver+0x77/0xe0
[  243.149567]  [<ffffffff8139ec67>] device_release_driver+0x27/0x40
[  243.149587]  [<ffffffff8139e5cf>] bus_remove_device+0xdf/0x150
[  243.149608]  [<ffffffff8139bc78>] device_del+0x118/0x1a0
[  243.149661]  [<ffffffffa0044590>] usb_disable_device+0xb0/0x280 [usbcore]
[  243.149718]  [<ffffffffa003c6fd>] usb_disconnect+0x9d/0x140 [usbcore]
[  243.149770]  [<ffffffffa003da7d>] hub_port_connect_change+0xad/0x8a0 [usbcore]
[  243.149825]  [<ffffffffa0043bf5>] ? usb_control_msg+0xe5/0x110 [usbcore]
[  243.149878]  [<ffffffffa003e6e3>] hub_events+0x473/0x760 [usbcore]
[  243.149931]  [<ffffffffa003ea05>] hub_thread+0x35/0x1d0 [usbcore]
[  243.149955]  [<ffffffff81061960>] ? add_wait_queue+0x60/0x60
[  243.150004]  [<ffffffffa003e9d0>] ? hub_events+0x760/0x760 [usbcore]
[  243.150026]  [<ffffffff8106133e>] kthread+0x8e/0xa0
[  243.150047]  [<ffffffff8157ec04>] kernel_thread_helper+0x4/0x10
[  243.150068]  [<ffffffff810612b0>] ? flush_kthread_work+0x120/0x120
[  243.150088]  [<ffffffff8157ec00>] ? gs_change+0xb/0xb
[  243.150101] Code: fd 41 54 53 48 83 ec 08 80 7f 1a 00 74 57 49 89 fc 31 db 90 49 8b 7c 24 20 45 31 f6 48 81 c7 10 02 00 00 e8 bc 64 f3 e0 49 89 c7 <4b> 8b 3c 37 49 83 c6 08 e8 4c a5 bd ff 49 83 fe 20
75 ed 45 30
[  243.150257] RIP  [<ffffffffa0468527>] stop_read_write_urbs+0x37/0x80 [usb_wwan]
[  243.150282]  RSP <ffff880037e75b30>
[  243.150294] CR2: 0000000000000000
[  243.177170] ---[ end trace fba433d9015ffb8c ]---

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Thomas Schäfer <tschaefer@t-online.de>
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-10 11:51:43 -07:00
..
accessibility
acpi Merge branch 'linux-next' of git://cavan.codon.org.uk/platform-drivers-x86 2012-07-30 11:54:53 -07:00
amba Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
ata ARM: arm-soc Marvell Orion device-tree updates 2012-08-02 11:50:24 -07:00
atm
auxdisplay
base Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
bcma Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2012-07-27 11:15:03 -04:00
block Merge branch 'for-3.6/drivers' of git://git.kernel.dk/linux-block 2012-08-01 09:06:47 -07:00
bluetooth
cdrom
char This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
clk clk: validate pointer in __clk_disable() 2012-07-30 17:25:13 -07:00
clocksource
connector
cpufreq ARM: arm-soc soc updates, take 2 2012-07-30 09:45:53 -07:00
cpuidle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-07-26 14:28:55 -07:00
crypto This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
dca
devfreq
dio
dma SuperH fixes for 3.6-rc1 merge window 2012-08-02 11:45:42 -07:00
edac Merge branch 'devel' 2012-07-29 21:11:05 -03:00
eisa
extcon MFD bits for the 3.6 merge window. 2012-07-30 12:41:17 -07:00
firewire - Small fixes and optimizations. 2012-07-30 09:32:39 -07:00
firmware This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
gpio MFD bits for the 3.6 merge window. 2012-07-30 12:41:17 -07:00
gpu Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-07-30 10:06:23 -07:00
hid Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-07-31 18:47:44 -07:00
hsi
hv This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2012-07-30 10:10:26 -07:00
hwspinlock
i2c This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
ide
idle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-07-26 14:28:55 -07:00
ieee802154
iio
infiniband Merge branches 'cma', 'ipoib', 'ocrdma' and 'qib' into for-next 2012-07-30 07:47:27 -07:00
input This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
iommu
isdn mISDN: Bugfix only few bytes are transfered on a connection 2012-07-29 23:18:30 -07:00
leds leds-lp8788: forgotten unlock at lp8788_led_work 2012-07-27 08:16:07 +08:00
lguest
macintosh
md Additional md update for 3.6 2012-08-02 11:34:40 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-07-31 18:47:44 -07:00
memory
memstick
message drivers/message/i2o/i2o_config.c: bound allocation 2012-07-30 17:25:17 -07:00
mfd This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
misc Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-30 17:25:34 -07:00
mmc Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
mtd Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
net Merge branch 'for-linus-3.6' of git://dev.laptop.org/users/dilinger/linux-olpc 2012-08-02 11:52:39 -07:00
nfc
nubus
of
oprofile
parisc
parport
pci
pcmcia Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
pinctrl
platform Platform: OLPC: move global variables into priv struct 2012-07-31 23:27:31 -04:00
pnp
power Merge branch 'for-linus-3.6' of git://dev.laptop.org/users/dilinger/linux-olpc 2012-08-02 11:52:39 -07:00
pps pps: return PTR_ERR on error in device_create 2012-07-30 17:25:21 -07:00
ps3
ptp
pwm pwm: pwm-tiehrpwm: PWM driver support for EHRPWM 2012-07-26 07:45:20 +02:00
rapidio
regulator regulator: Fix an s5m8767 build failure 2012-07-31 00:51:09 +02:00
remoteproc A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rpmsg A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rtc Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-31 19:25:39 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-07-26 18:09:01 -07:00
sbus
scsi Merge branch 'for-3.6/core' of git://git.kernel.dk/linux-block 2012-08-01 09:02:41 -07:00
sfi
sh Merge branch 'common/irqdomain' into sh-latest 2012-08-01 17:14:52 +09:00
sn
spi Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
ssb
staging Merge branch 'for-linus-3.6' of git://dev.laptop.org/users/dilinger/linux-olpc 2012-08-02 11:52:39 -07:00
target Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
tc
thermal The tag contains just a few battery-related changes for v3.6. It's is 2012-07-31 18:08:25 -07:00
tty serial: sh-sci: fix compilation breakage, when DMA is enabled 2012-08-01 13:48:54 +09:00
uio
usb usb: usb_wwan: replace release and disconnect with a port_remove hook 2012-08-10 11:51:43 -07:00
uwb
vfio vfio: Add PCI device driver 2012-07-31 08:16:24 -06:00
vhost
video fbdev updates for 3.6 2012-08-01 10:45:12 -07:00
virt
virtio
vlynq
vme
w1 Driver core merge for 3.6-rc1 2012-07-26 11:25:33 -07:00
watchdog ARM: arm-soc Marvell Orion device-tree updates 2012-08-02 11:50:24 -07:00
xen
zorro
Kconfig vfio: VFIO core 2012-07-31 08:16:22 -06:00
Makefile vfio: VFIO core 2012-07-31 08:16:22 -06:00