linux/drivers
Bjørn Mork d9b8706843 net: qmi_wwan: fix Oops while disconnecting
usbnet_disconnect() will set intfdata to NULL before calling
the minidriver unbind function.  The cdc_wdm subdriver cannot
know that it is disconnecting until the qmi_wwan unbind
function has called its disconnect function.  This means that
we must be able to support the cdc_wdm subdriver operating
normally while usbnet_disconnect() is running, and in
particular that intfdata may be NULL.

The only place this matters is in qmi_wwan_cdc_wdm_manage_power
which is called from cdc_wdm.  Simply testing for NULL
intfdata there is sufficient to allow it to continue working
at all times.

Fixes this Oops where a cdc-wdm device was closed while the
USB device was disconnecting, causing wdm_release to call
qmi_wwan_cdc_wdm_manage_power after intfdata was set to
NULL by usbnet_disconnect:

[41819.087460] BUG: unable to handle kernel NULL pointer dereference at 00000080
[41819.087815] IP: [<f8640458>] qmi_wwan_manage_power+0x68/0x90 [qmi_wwan]
[41819.088028] *pdpt = 000000000314f001 *pde = 0000000000000000
[41819.088028] Oops: 0002 [#1] SMP
[41819.088028] Modules linked in: qmi_wwan option usb_wwan usbserial usbnet
cdc_wdm nls_iso8859_1 nls_cp437 vfat fat usb_storage bnep rfcomm bluetooth
parport_pc ppdev binfmt_misc iptable_nat nf_nat nf_conntrack_ipv4
nf_conntrack nf_defrag_ipv4 iptable_mangle iptable_filter ip_tables
x_tables dm_crypt uvcvideo snd_hda_codec_realtek snd_hda_intel
videobuf2_core snd_hda_codec joydev videodev videobuf2_vmalloc
hid_multitouch snd_hwdep arc4 videobuf2_memops snd_pcm snd_seq_midi
snd_rawmidi snd_seq_midi_event ath9k mac80211 snd_seq ath9k_common ath9k_hw
ath snd_timer snd_seq_device sparse_keymap dm_multipath scsi_dh coretemp
mac_hid snd soundcore cfg80211 snd_page_alloc psmouse serio_raw microcode
lp parport dm_mirror dm_region_hash dm_log usbhid hid i915 drm_kms_helper
drm r8169 i2c_algo_bit wmi video [last unloaded: qmi_wwan]
[41819.088028]
[41819.088028] Pid: 23292, comm: qmicli Not tainted 3.4.0-5-generic #11-Ubuntu GIGABYTE T1005/T1005
[41819.088028] EIP: 0060:[<f8640458>] EFLAGS: 00010246 CPU: 1
[41819.088028] EIP is at qmi_wwan_manage_power+0x68/0x90 [qmi_wwan]
[41819.088028] EAX: 00000000 EBX: 00000000 ECX: 000000c3 EDX: 00000000
[41819.088028] ESI: c3b27658 EDI: 00000000 EBP: c298bea4 ESP: c298be98
[41819.088028]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[41819.088028] CR0: 8005003b CR2: 00000080 CR3: 3605e000 CR4: 000007f0
[41819.088028] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[41819.088028] DR6: ffff0ff0 DR7: 00000400
[41819.088028] Process qmicli (pid: 23292, ti=c298a000 task=f343b280 task.ti=c298a000)
[41819.088028] Stack:
[41819.088028]  00000000 c3b27658 e2a80d00 c298beb0 f864051a c3b27600 c298bec0 f9027099
[41819.088028]  c2fd6000 00000008 c298bef0 c1147f96 00000001 00000000 00000000 f4e54790
[41819.088028]  ecf43a00 ecf43a00 c2fd6008 c2fd6000 ebbd7600 ffffffb9 c298bf08 c1144474
[41819.088028] Call Trace:
[41819.088028]  [<f864051a>] qmi_wwan_cdc_wdm_manage_power+0x1a/0x20 [qmi_wwan]
[41819.088028]  [<f9027099>] wdm_release+0x69/0x70 [cdc_wdm]
[41819.088028]  [<c1147f96>] fput+0xe6/0x210
[41819.088028]  [<c1144474>] filp_close+0x54/0x80
[41819.088028]  [<c1046a65>] put_files_struct+0x75/0xc0
[41819.088028]  [<c1046b56>] exit_files+0x46/0x60
[41819.088028]  [<c1046f81>] do_exit+0x141/0x780
[41819.088028]  [<c107248f>] ? wake_up_state+0xf/0x20
[41819.088028]  [<c1053f48>] ? signal_wake_up+0x28/0x40
[41819.088028]  [<c1054f3b>] ? zap_other_threads+0x6b/0x80
[41819.088028]  [<c1047864>] do_group_exit+0x34/0xa0
[41819.088028]  [<c10478e8>] sys_exit_group+0x18/0x20
[41819.088028]  [<c15bb7df>] sysenter_do_call+0x12/0x28
[41819.088028] Code: 04 83 e7 01 c1 e7 03 0f b6 42 18 83 e0 f7 09 f8 88 42
18 8b 43 04 e8 48 9a dd c8 89 f0 8b 5d f4 8b 75 f8 8b 7d fc 89 ec 5d c3 90
<f0> ff 88 80 00 00 00 0f 94 c0 84 c0 75 b7 31 f6 8b 5d f4 89 f0
[41819.088028] EIP: [<f8640458>] qmi_wwan_manage_power+0x68/0x90 [qmi_wwan] SS:ESP 0068:c298be98
[41819.088028] CR2: 0000000000000080
[41819.149492] ---[ end trace 0944479ff8257f55 ]---

Reported-by: Marius Bjørnstad Kotsbak <marius.kotsbak@gmail.com>
Cc: <stable@vger.kernel.org> # v3.4
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-28 16:53:28 -07:00
accessibility
acpi Merge branches 'bugfix-battery', 'bugfix-misc', 'bugfix-rafael', 'bugfix-turbostat', 'bugfix-video' and 'workaround-pss' into release 2012-06-04 00:48:41 -04:00
amba arm-soc: driver specific updates 2012-05-26 12:22:27 -07:00
ata Viresh has moved 2012-06-20 14:39:36 -07:00
atm solos-pci: Fix DMA support 2012-05-24 16:22:53 -04:00
auxdisplay
base Driver core and printk fixes for 3.5-rc4 2012-06-20 15:14:28 -07:00
bcma bcma: fix null pointer in bcma_core_pci_irq_ctl 2012-06-08 13:47:07 -04:00
block mtip32xx: Changes to sysfs entries 2012-05-31 08:46:50 +02:00
bluetooth Bluetooth: btmrvl: Do not send vendor events to bluetooth stack 2012-06-19 00:19:11 -03:00
cdrom
char Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-06-18 12:20:36 -07:00
clk clk: mxs: fix clock lookup after freeing init memory 2012-06-25 16:51:48 -07:00
clocksource clocksource: sh_tmu: Use clockevents_config_and_register(). 2012-06-11 17:10:16 +09:00
connector
cpufreq
cpuidle
crypto arm-soc: clock driver changes 2012-05-26 12:42:29 -07:00
dca
devfreq Power management updates for 3.5 2012-05-23 14:07:06 -07:00
dio
dma Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma 2012-06-20 22:12:52 -07:00
edac edac: Do alignment logic properly in edac_align_ptr() 2012-06-11 12:43:16 -03:00
eisa
extcon extcon: max8997: Add missing kfree for info->edev in max8997_muic_remove() 2012-06-18 16:30:42 -07:00
firewire IEEE 1394 (FireWire) subsystem updates post v3.4: 2012-05-24 12:57:47 -07:00
firmware
gpio gpio/samsung: fix the typo 'exynos5_xxx' instead of 'exonys5_xxx' 2012-06-03 21:21:01 -07:00
gpu Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes 2012-06-27 19:56:20 +01:00
hid Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2012-06-26 11:23:41 -07:00
hsi
hv Driver core pull for 3.5-rc1 2012-05-22 16:02:13 -07:00
hwmon hwmon: Update my e-mail address 2012-06-25 06:46:24 -07:00
hwspinlock
i2c i2c: Add generic I2C multiplexer using pinctrl API 2012-06-04 16:49:43 +02:00
ide drivers/ide/ide-cs.c: adjust suspicious bit operation 2012-06-12 15:51:41 -07:00
idle
ieee802154
iio iio: drop wrong reference from Kconfig 2012-06-14 17:28:46 -07:00
infiniband Merge branches 'cma' and 'ocrdma' into for-linus 2012-06-24 04:59:59 -07:00
input i2c: Split I2C_M_NOSTART support out of I2C_FUNC_PROTOCOL_MANGLING 2012-05-30 10:55:34 +02:00
iommu iommu/amd: Fix deadlock in ppr-handling error path 2012-06-04 12:47:44 +02:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-24 11:54:29 -07:00
leds leds: Make LEDS_ASIC3 and LEDS_RENESAS_TPU depend on LEDS_CLASS=y 2012-06-12 10:56:25 +08:00
lguest
macintosh
md md: 2 fixes for 3.5-rc 2012-06-06 09:49:28 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-06-25 14:53:09 -07:00
memory
memstick
message Merge branch 'akpm' (Andrew's patch-bomb) 2012-05-31 18:10:18 -07:00
mfd Viresh has moved 2012-06-20 14:39:36 -07:00
misc misc: mei: set WDIOF_ALARMONLY on mei watchdog 2012-06-13 15:34:31 -07:00
mmc Revert "mmc: omap_hsmmc: Enable Auto CMD12" 2012-06-26 16:10:30 -04:00
mtd Fix the debugfs regression - we never enable it because incorrect 2012-06-28 11:41:43 -07:00
net net: qmi_wwan: fix Oops while disconnecting 2012-06-28 16:53:28 -07:00
nfc NFC: potential integer overflow problem in check_crc() 2012-05-25 11:16:16 -04:00
nubus
of Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-05-29 18:27:19 -07:00
oprofile
parisc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-05-22 19:22:50 -07:00
parport Driver core pull for 3.5-rc1 2012-05-22 16:02:13 -07:00
pci USB: add NO_D3_DURING_SLEEP flag and revert 151b612847 2012-06-13 13:11:39 -07:00
pcmcia
pinctrl Merge branch 'akpm' (Andrew's patch-bomb) 2012-06-20 14:41:57 -07:00
platform drivers/platform/x86/acerhdf.c: correct Boris' mail address 2012-06-07 14:43:55 -07:00
pnp
power A bunch of fixes for v3.5, nothing extraordinary. 2012-05-31 12:10:15 -07:00
pps
ps3
ptp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-05-22 19:22:50 -07:00
rapidio rapidio/tsi721: add DMA engine support 2012-05-31 17:49:31 -07:00
regulator regulator: palmas: fix regmap offsets for enable/disable 2012-06-23 11:37:28 +01:00
remoteproc remoteproc/omap: fix dev_err typo 2012-06-17 10:31:03 +03:00
rpmsg
rtc Merge branches 'bugfix-battery', 'bugfix-misc', 'bugfix-rafael', 'bugfix-turbostat', 'bugfix-video' and 'workaround-pss' into release 2012-06-04 00:48:41 -04:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-05-31 10:51:10 -07:00
sbus
scsi SCSI & usb-storage: add try_rc_10_first flag 2012-06-22 22:05:31 -07:00
sfi
sh sh: intc: Kill off special reservation interface. 2012-05-22 19:07:55 +09:00
sn
spi SPI: fix over-eager devm_xxx() conversion 2012-06-18 11:27:04 +01:00
ssb
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-06-25 14:53:09 -07:00
target target: Return error to initiator if SET TARGET PORT GROUPS emulation fails 2012-06-12 20:12:25 -07:00
tc
thermal
tty Serial driver fixes for 3.5-rc4 2012-06-20 15:13:13 -07:00
uio
usb USB: CP210x Add 10 Device IDs 2012-06-26 16:14:34 -07:00
uwb
vhost vhost: use USER_DS in vhost_worker thread 2012-06-26 21:10:56 -07:00
video fbdev fixes for 3.5 2012-06-16 16:59:05 -07:00
virt
virtio
vlynq
vme
w1 arm-soc: clock driver changes 2012-05-26 12:42:29 -07:00
watchdog watchdog: core: fix WDIOC_GETSTATUS return value 2012-06-28 20:40:56 +02:00
xen Five bug-fixes: 2012-06-15 17:17:15 -07:00
zorro
Kconfig Staging tree pull request for 3.5-rc1 2012-05-22 16:34:21 -07:00
Makefile arm-soc: driver specific updates 2012-05-26 12:22:27 -07:00