linux/drivers
Johan Hovold a65a6f14dc USB: serial: fix race between probe and open
Fix race between probe and open by making sure that the disconnected
flag is not cleared until all ports have been registered.

A call to tty_open while probe is running may get a reference to the
serial structure in serial_install before its ports have been
registered. This may lead to usb_serial_core calling driver open before
the port is fully initialised.

With ftdi_sio this results in the following NULL-pointer dereference as
the private data has not been initialised at open:

[  199.698286] IP: [<f811a089>] ftdi_open+0x59/0xe0 [ftdi_sio]
[  199.698297] *pde = 00000000
[  199.698303] Oops: 0000 [#1] PREEMPT SMP
[  199.698313] Modules linked in: ftdi_sio usbserial
[  199.698323]
[  199.698327] Pid: 1146, comm: ftdi_open Not tainted 3.2.11 #70 Dell Inc. Vostro 1520/0T816J
[  199.698339] EIP: 0060:[<f811a089>] EFLAGS: 00010286 CPU: 0
[  199.698344] EIP is at ftdi_open+0x59/0xe0 [ftdi_sio]
[  199.698348] EAX: 0000003e EBX: f5067000 ECX: 00000000 EDX: 80000600
[  199.698352] ESI: f48d8800 EDI: 00000001 EBP: f515dd54 ESP: f515dcfc
[  199.698356]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[  199.698361] Process ftdi_open (pid: 1146, ti=f515c000 task=f481e040 task.ti=f515c000)
[  199.698364] Stack:
[  199.698368]  f811a9fe f811a9e0 f811b3ef 00000000 00000000 00001388 00000000 f4a86800
[  199.698387]  00000002 00000000 f806e68e 00000000 f532765c f481e040 00000246 22222222
[  199.698479]  22222222 22222222 22222222 f5067004 f5327600 f5327638 f515dd74 f806e6ab
[  199.698496] Call Trace:
[  199.698504]  [<f806e68e>] ? serial_activate+0x2e/0x70 [usbserial]
[  199.698511]  [<f806e6ab>] serial_activate+0x4b/0x70 [usbserial]
[  199.698521]  [<c126380c>] tty_port_open+0x7c/0xd0
[  199.698527]  [<f806e660>] ? serial_set_termios+0xa0/0xa0 [usbserial]
[  199.698534]  [<f806e76f>] serial_open+0x2f/0x70 [usbserial]
[  199.698540]  [<c125d07c>] tty_open+0x20c/0x510
[  199.698546]  [<c10e9eb7>] chrdev_open+0xe7/0x230
[  199.698553]  [<c10e48f2>] __dentry_open+0x1f2/0x390
[  199.698559]  [<c144bfec>] ? _raw_spin_unlock+0x2c/0x50
[  199.698565]  [<c10e4b76>] nameidata_to_filp+0x66/0x80
[  199.698570]  [<c10e9dd0>] ? cdev_put+0x20/0x20
[  199.698576]  [<c10f3e08>] do_last+0x198/0x730
[  199.698581]  [<c10f4440>] path_openat+0xa0/0x350
[  199.698587]  [<c10f47d5>] do_filp_open+0x35/0x80
[  199.698593]  [<c144bfec>] ? _raw_spin_unlock+0x2c/0x50
[  199.698599]  [<c10ff110>] ? alloc_fd+0xc0/0x100
[  199.698605]  [<c10f0b72>] ? getname_flags+0x72/0x120
[  199.698611]  [<c10e4450>] do_sys_open+0xf0/0x1c0
[  199.698617]  [<c11fcc08>] ? trace_hardirqs_on_thunk+0xc/0x10
[  199.698623]  [<c10e458e>] sys_open+0x2e/0x40
[  199.698628]  [<c144c990>] sysenter_do_call+0x12/0x36
[  199.698632] Code: 85 89 00 00 00 8b 16 8b 4d c0 c1 e2 08 c7 44 24 14 88 13 00 00 81 ca 00 00 00 80 c7 44 24 10 00 00 00 00 c7 44 24 0c 00 00 00 00 <0f> b7 41 78 31 c9 89 44 24 08 c7 44 24 04 00 00 00 00 c7 04 24
[  199.698884] EIP: [<f811a089>] ftdi_open+0x59/0xe0 [ftdi_sio] SS:ESP 0068:f515dcfc
[  199.698893] CR2: 0000000000000078
[  199.698925] ---[ end trace 77c43ec023940cff ]---

Reported-and-tested-by: Ken Huang <csuhgw@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-04-10 13:35:53 -07:00
accessibility
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-04-06 19:56:04 -07:00
amba
ata 1) AHCI regression fix. A recent "make driver conform to spec" change 2012-03-22 20:22:30 -07:00
atm Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
auxdisplay
base regmap: A couple of small fixes for 3.4 2012-04-07 09:56:00 -07:00
bcma
block Two fixes for regressions: 2012-04-06 17:54:53 -07:00
bluetooth Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
cdrom powerpc: Remove some of the legacy iSeries specific device drivers 2012-03-16 09:28:05 +11:00
char Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2012-04-06 17:56:20 -07:00
clk clk: make CONFIG_COMMON_CLK invisible 2012-03-19 09:37:11 +00:00
clocksource Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-03-29 16:53:48 -07:00
connector
cpufreq ARM: SoC fixes for 3.4-rc2 2012-04-05 22:13:39 -07:00
cpuidle Merge branches 'idle-fix' and 'misc' into release 2012-04-06 21:48:59 -04:00
crypto Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-03-22 18:15:32 -07:00
dca
devfreq ARM: global cleanups 2012-03-27 16:03:32 -07:00
dio
dma Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
edac Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2012-04-06 17:56:20 -07:00
eisa
firewire Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
firmware
gpio gpio: tegra: Iterate over the correct number of banks 2012-04-04 13:13:18 -06:00
gpu Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
hid simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
hsi
hv Tools: hv: Support enumeration from all the pools 2012-03-16 13:36:04 -07:00
hwmon hwmon: (ad7314) Adds missing spi_dev initialization 2012-04-03 17:08:28 -07:00
hwspinlock
i2c Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
ide Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
idle simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
ieee802154
infiniband Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2012-03-29 23:17:44 -07:00
iommu Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
leds MFD changes for 3.4 2012-03-28 13:56:35 -07:00
lguest
macintosh Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
mca
md md/raid1,raid10: don't compare excess byte during consistency check. 2012-04-03 15:39:23 +10:00
media ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
memstick memstick: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:19 +08:00
message Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
mfd Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
misc Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
mmc mmc: use really long write timeout to deal with crappy cards 2012-04-05 20:32:34 -04:00
mtd Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
net Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2012-04-06 17:56:20 -07:00
nfc
nubus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
of GPIO changes for v3.4 2012-03-28 14:08:46 -07:00
oprofile simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
parisc Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
parport
pci Two fixes for regressions: 2012-04-06 17:54:53 -07:00
pcmcia Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2012-03-29 16:00:48 -07:00
pinctrl
platform Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
power Various small bugfixes and enhancements, plus two new drivers: 2012-03-30 16:09:02 -07:00
pps
ps3
ptp phc: Update author's email address. 2012-03-17 01:41:43 -07:00
rapidio rapidio/tsi721: fix bug in register offset definitions 2012-03-15 17:03:03 -07:00
regulator regulator: Fixes for -rc1 2012-04-04 10:09:30 -07:00
remoteproc simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
rpmsg
rtc Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
s390 Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
sbus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
scsi Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
sfi
sh SuperH updates for 3.4 merge window 2012-03-30 00:09:17 -07:00
sn
spi Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
staging Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
target tcm_fc: Do not free tpg structure during wq allocation failure 2012-04-06 18:57:05 -07:00
tc
thermal thermal: Fix for setting the thermal zone mode to enable/disable 2012-03-22 01:10:18 -04:00
tty SuperH updates for 3.4-rc1 2012-04-07 09:52:46 -07:00
uio
usb USB: serial: fix race between probe and open 2012-04-10 13:35:53 -07:00
uwb simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
vhost Merge branch 'vhost-net' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost 2012-03-23 14:46:48 -04:00
video ARM: SoC fixes for 3.4-rc2 2012-04-05 22:13:39 -07:00
virt
virtio virtio-pci: switch to PM ops macro to initialise PM functions 2012-03-31 08:09:51 +05:30
vlynq
w1
watchdog ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
xen Two fixes for regressions: 2012-04-06 17:54:53 -07:00
zorro
Kconfig Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00
Makefile Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00