github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 23:53:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
e218bfc6e7
linux/drivers
History
Wolfgang Frisch e218bfc6e7 USB: io_ti: Fix NULL dereference in chase_port() 
commit 1ee0a224bc upstream.

The tty is NULL when the port is hanging up.
chase_port() needs to check for this.

This patch is intended for stable series.
The behavior was observed and tested in Linux 3.2 and 3.7.1.

Johan Hovold submitted a more elaborate patch for the mainline kernel.

[   56.277883] usb 1-1: edge_bulk_in_callback - nonzero read bulk status received: -84
[   56.278811] usb 1-1: USB disconnect, device number 3
[   56.278856] usb 1-1: edge_bulk_in_callback - stopping read!
[   56.279562] BUG: unable to handle kernel NULL pointer dereference at 00000000000001c8
[   56.280536] IP: [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[   56.281212] PGD 1dc1b067 PUD 1e0f7067 PMD 0
[   56.282085] Oops: 0002 [#1] SMP
[   56.282744] Modules linked in:
[   56.283512] CPU 1
[   56.283512] Pid: 25, comm: khubd Not tainted 3.7.1 #1 innotek GmbH VirtualBox/VirtualBox
[   56.283512] RIP: 0010:[<ffffffff8144e62a>]  [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[   56.283512] RSP: 0018:ffff88001fa99ab0  EFLAGS: 00010046
[   56.283512] RAX: 0000000000000046 RBX: 00000000000001c8 RCX: 0000000000640064
[   56.283512] RDX: 0000000000010000 RSI: ffff88001fa99b20 RDI: 00000000000001c8
[   56.283512] RBP: ffff88001fa99b20 R08: 0000000000000000 R09: 0000000000000000
[   56.283512] R10: 0000000000000000 R11: ffffffff812fcb4c R12: ffff88001ddf53c0
[   56.283512] R13: 0000000000000000 R14: 00000000000001c8 R15: ffff88001e19b9f4
[   56.283512] FS:  0000000000000000(0000) GS:ffff88001fd00000(0000) knlGS:0000000000000000
[   56.283512] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   56.283512] CR2: 00000000000001c8 CR3: 000000001dc51000 CR4: 00000000000006e0
[   56.283512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   56.283512] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   56.283512] Process khubd (pid: 25, threadinfo ffff88001fa98000, task ffff88001fa94f80)
[   56.283512] Stack:
[   56.283512]  0000000000000046 00000000000001c8 ffffffff810578ec ffffffff812fcb4c
[   56.283512]  ffff88001e19b980 0000000000002710 ffffffff812ffe81 0000000000000001
[   56.283512]  ffff88001fa94f80 0000000000000202 ffffffff00000001 0000000000000296
[   56.283512] Call Trace:
[   56.283512]  [<ffffffff810578ec>] ? add_wait_queue+0x12/0x3c
[   56.283512]  [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
[   56.283512]  [<ffffffff812ffe81>] ? chase_port+0x84/0x2d6
[   56.283512]  [<ffffffff81063f27>] ? try_to_wake_up+0x199/0x199
[   56.283512]  [<ffffffff81263a5c>] ? tty_ldisc_hangup+0x222/0x298
[   56.283512]  [<ffffffff81300171>] ? edge_close+0x64/0x129
[   56.283512]  [<ffffffff810612f7>] ? __wake_up+0x35/0x46
[   56.283512]  [<ffffffff8106135b>] ? should_resched+0x5/0x23
[   56.283512]  [<ffffffff81264916>] ? tty_port_shutdown+0x39/0x44
[   56.283512]  [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
[   56.283512]  [<ffffffff8125d38c>] ? __tty_hangup+0x307/0x351
[   56.283512]  [<ffffffff812e6ddc>] ? usb_hcd_flush_endpoint+0xde/0xed
[   56.283512]  [<ffffffff8144e625>] ? _raw_spin_lock_irqsave+0x14/0x35
[   56.283512]  [<ffffffff812fd361>] ? usb_serial_disconnect+0x57/0xc2
[   56.283512]  [<ffffffff812ea99b>] ? usb_unbind_interface+0x5c/0x131
[   56.283512]  [<ffffffff8128d738>] ? __device_release_driver+0x7f/0xd5
[   56.283512]  [<ffffffff8128d9cd>] ? device_release_driver+0x1a/0x25
[   56.283512]  [<ffffffff8128d393>] ? bus_remove_device+0xd2/0xe7
[   56.283512]  [<ffffffff8128b7a3>] ? device_del+0x119/0x167
[   56.283512]  [<ffffffff812e8d9d>] ? usb_disable_device+0x6a/0x180
[   56.283512]  [<ffffffff812e2ae0>] ? usb_disconnect+0x81/0xe6
[   56.283512]  [<ffffffff812e4435>] ? hub_thread+0x577/0xe82
[   56.283512]  [<ffffffff8144daa7>] ? __schedule+0x490/0x4be
[   56.283512]  [<ffffffff8105798f>] ? abort_exclusive_wait+0x79/0x79
[   56.283512]  [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
[   56.283512]  [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
[   56.283512]  [<ffffffff810570b4>] ? kthread+0x81/0x89
[   56.283512]  [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
[   56.283512]  [<ffffffff8145387c>] ? ret_from_fork+0x7c/0xb0
[   56.283512]  [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
[   56.283512] Code: 8b 7c 24 08 e8 17 0b c3 ff 48 8b 04 24 48 83 c4 10 c3 53 48 89 fb 41 50 e8 e0 0a c3 ff 48 89 04 24 e8 e7 0a c3 ff ba 00 00 01 00
<f0> 0f c1 13 48 8b 04 24 89 d1 c1 ea 10 66 39 d1 74 07 f3 90 66
[   56.283512] RIP  [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[   56.283512]  RSP <ffff88001fa99ab0>
[   56.283512] CR2: 00000000000001c8
[   56.283512] ---[ end trace 49714df27e1679ce ]---

Signed-off-by: Wolfgang Frisch <wfpub@roembden.net>
Cc: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-06-07 12:49:32 -07:00
..
accessibility
acpi ACPI / EC: Restart transaction even when the IBF flag set 2013-05-19 10:54:49 -07:00
amba
ata ata_piix: Fix DVD not dectected at some Haswell platforms 2013-04-12 09:38:45 -07:00
atm atm/iphase: rename fregt_t -> ffreg_t 2013-02-14 10:49:05 -08:00
auxdisplay
base regmap: cache Fix regcache-rbtree sync 2013-04-12 09:38:43 -07:00
bcma bcma: mips: fix clearing device IRQ 2013-01-17 08:50:41 -08:00
block drivers/block/brd.c: fix brd_lookup_page() race 2013-06-07 12:49:26 -07:00
bluetooth Bluetooth: Add support for Dell[QCA 0cf3:817a] 2013-04-05 10:04:15 -07:00
cdrom
char ipmi: ipmi_devintf: compat_ioctl method fails to take ipmi_mutex 2013-05-19 10:54:49 -07:00
clk clk: Check parent for NULL in clk_change_rate 2012-07-19 08:58:59 -07:00
clocksource
connector
cpufreq cpufreq / Longhaul: Disable driver by default 2013-05-11 13:48:10 -07:00
cpuidle
crypto crypto: mv_cesa requires on CRYPTO_HASH to build 2012-05-15 01:10:06 +00:00
dca dca: check against empty dca_domains list before unregister provider 2013-02-28 06:59:06 -08:00
devfreq
dio
dma pch_dma: Use GFP_ATOMIC because called from interrupt context 2013-05-19 10:54:48 -07:00
edac EDAC: Test correct variable in ->store function 2013-02-03 18:24:41 -06:00
eisa EISA/PCI: Fix bus res reference 2013-04-12 09:38:44 -07:00
firewire firewire: add minor number range check to fw_device_init() 2013-03-04 06:06:41 +08:00
firmware efivars: Handle duplicate names from get_next_variable() 2013-04-05 10:04:36 -07:00
gpio gpiolib: Don't return -EPROBE_DEFER to sysfs, or for invalid gpios 2012-11-05 09:50:41 +01:00
gpu drm/radeon: fix card_posted check for newer asics 2013-06-07 12:49:31 -07:00
hid HID: usbhid: quirk for Realtek Multi-card reader 2013-04-05 10:04:16 -07:00
hsi
hv Drivers: hv: Cleanup error handling in vmbus_open() 2012-10-31 10:02:58 -07:00
hwmon hwmon: fix error return code in abituguru_probe() 2013-05-24 11:14:22 -07:00
hwspinlock hwspinlock: fix __hwspin_lock_request error path 2013-04-12 09:38:46 -07:00
i2c i2c: designware: always clear interrupts before enabling them 2013-05-24 11:14:22 -07:00
ide
idle
ieee802154
infiniband IPoIB: Fix send lockup due to missed TX completion 2013-03-28 12:12:25 -07:00
input Input: sentelic - only report position of first finger as ST coordinates 2013-01-11 09:06:56 -08:00
iommu iommu/amd: Make sure dma_ops are set for hotplug devices 2013-04-05 10:04:18 -07:00
isdn isdn/gigaset: fix zero size border case in debug dump 2013-02-14 10:49:04 -08:00
leds drivers/leds/leds-ot200.c: fix error caused by shifted mask 2013-06-07 12:49:13 -07:00
lguest
macintosh
mca
md dm thin: do not set discard_zeroes_data 2013-05-19 10:54:48 -07:00
media media: mantis: fix silly crash case 2013-05-24 11:14:23 -07:00
memstick
message
mfd mfd: adp5520: Restore mode bits on resume 2013-05-07 19:51:57 -07:00
misc SGI-XP: handle non-fatal traps 2013-01-11 09:06:29 -08:00
mmc mmc: atmel-mci: pio hang on block errors 2013-05-07 19:51:57 -07:00
mtd vm: convert mtdchar mmap to vm_iomap_memory() helper 2013-04-25 21:19:56 -07:00
net r8169: fix vlan tag read ordering. 2013-05-19 10:54:48 -07:00
nfc NFC: pn533: Fix mem leak in pn533_in_dep_link_up 2012-12-03 11:47:12 -08:00
nubus
of
oprofile oprofile: perf: use NR_CPUS instead or nr_cpumask_bits for static array 2012-07-16 09:04:21 -07:00
parisc parisc: move definition of PAGE0 to asm/page.h 2012-05-10 15:12:08 -07:00
parport
pci PCI/PM: Fix fallback to PCI_D0 in pci_platform_power_transition() 2013-05-07 19:51:55 -07:00
pcmcia pcmcia/vrc4171: Add missing spinlock init 2013-02-28 06:59:05 -08:00
pinctrl pinctrl: tegra: set low power mode bank width to 2 2012-10-28 10:14:14 -07:00
platform hp_accel: Ignore the error from lis3lv02d_poweron() at resume 2013-05-19 10:54:38 -07:00
pnp pnpacpi: fix incorrect TEST_ALPHA() test 2013-01-11 09:06:29 -08:00
power ab8500_btemp: Demote initcall sequence 2013-03-04 06:06:44 +08:00
pps
ps3
ptp ptp_pch: Add missing #include <linux/slab.h> 2012-05-16 14:44:44 -04:00
rapidio rapidio/tsi721: fix unused variable compiler warning 2012-09-14 10:00:20 -07:00
regulator regulator: wm831x: Set the new rather than old value for DVS VSEL 2013-01-17 08:50:41 -08:00
remoteproc remoteproc: fix a potential NULL-dereference on cleanup 2012-10-07 08:32:28 -07:00
rpmsg rpmsg: fix dependency on initialization order 2012-07-19 08:58:57 -07:00
rtc drivers/rtc/rtc-pcf2123.c: fix error return code in pcf2123_probe() 2013-05-19 10:54:49 -07:00
s390 s390/memory hotplug: prevent offline of active memory increments 2013-05-07 19:51:53 -07:00
sbus
scsi SCSI: sd: fix array cache flushing bug causing performance problems 2013-05-19 10:54:39 -07:00
sfi
sh
sn
spi spi/mpc512x-psc: optionally keep PSC SS asserted across xfer segmensts 2013-04-12 09:38:43 -07:00
ssb ssb: implement spurious tone avoidance 2013-04-25 21:19:55 -07:00
staging staging: vt6656: use free_netdev instead of kfree 2013-06-07 12:49:10 -07:00
target iscsi-target: fix heap buffer overflow on error 2013-06-07 12:49:29 -07:00
tc
thermal thermal: return an error on failure to register thermal class 2013-04-12 09:38:47 -07:00
tty TTY: Fix tty miss restart after we turn off flow-control 2013-06-07 12:49:11 -07:00
uio
usb USB: io_ti: Fix NULL dereference in chase_port() 2013-06-07 12:49:32 -07:00
uwb
vhost vhost/net: fix heads usage of ubuf_info 2013-03-28 12:11:54 -07:00
video fbcon: when font is freed, clear also vc_font.data 2013-05-07 19:51:53 -07:00
virt
virtio virtio: force vring descriptors to be allocated from lowmem 2013-01-11 09:06:47 -08:00
vlynq
w1 w1: fix oops when w1_search is called from netlink connector 2013-03-20 13:04:59 -07:00
watchdog hpwdt: Fix kdump issue in hpwdt 2012-10-02 10:30:08 -07:00
xen xen/pciback: Don't disable a PCI device that is already disabled. 2013-03-20 13:04:57 -07:00
zorro
Kconfig
Makefile