redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/drivers
History
Wolfgang Frisch 1ee0a224bc USB: io_ti: Fix NULL dereference in chase_port() 
The tty is NULL when the port is hanging up.
chase_port() needs to check for this.

This patch is intended for stable series.
The behavior was observed and tested in Linux 3.2 and 3.7.1.

Johan Hovold submitted a more elaborate patch for the mainline kernel.

[   56.277883] usb 1-1: edge_bulk_in_callback - nonzero read bulk status received: -84
[   56.278811] usb 1-1: USB disconnect, device number 3
[   56.278856] usb 1-1: edge_bulk_in_callback - stopping read!
[   56.279562] BUG: unable to handle kernel NULL pointer dereference at 00000000000001c8
[   56.280536] IP: [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[   56.281212] PGD 1dc1b067 PUD 1e0f7067 PMD 0
[   56.282085] Oops: 0002 [#1] SMP
[   56.282744] Modules linked in:
[   56.283512] CPU 1
[   56.283512] Pid: 25, comm: khubd Not tainted 3.7.1 #1 innotek GmbH VirtualBox/VirtualBox
[   56.283512] RIP: 0010:[<ffffffff8144e62a>]  [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[   56.283512] RSP: 0018:ffff88001fa99ab0  EFLAGS: 00010046
[   56.283512] RAX: 0000000000000046 RBX: 00000000000001c8 RCX: 0000000000640064
[   56.283512] RDX: 0000000000010000 RSI: ffff88001fa99b20 RDI: 00000000000001c8
[   56.283512] RBP: ffff88001fa99b20 R08: 0000000000000000 R09: 0000000000000000
[   56.283512] R10: 0000000000000000 R11: ffffffff812fcb4c R12: ffff88001ddf53c0
[   56.283512] R13: 0000000000000000 R14: 00000000000001c8 R15: ffff88001e19b9f4
[   56.283512] FS:  0000000000000000(0000) GS:ffff88001fd00000(0000) knlGS:0000000000000000
[   56.283512] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   56.283512] CR2: 00000000000001c8 CR3: 000000001dc51000 CR4: 00000000000006e0
[   56.283512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   56.283512] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   56.283512] Process khubd (pid: 25, threadinfo ffff88001fa98000, task ffff88001fa94f80)
[   56.283512] Stack:
[   56.283512]  0000000000000046 00000000000001c8 ffffffff810578ec ffffffff812fcb4c
[   56.283512]  ffff88001e19b980 0000000000002710 ffffffff812ffe81 0000000000000001
[   56.283512]  ffff88001fa94f80 0000000000000202 ffffffff00000001 0000000000000296
[   56.283512] Call Trace:
[   56.283512]  [<ffffffff810578ec>] ? add_wait_queue+0x12/0x3c
[   56.283512]  [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
[   56.283512]  [<ffffffff812ffe81>] ? chase_port+0x84/0x2d6
[   56.283512]  [<ffffffff81063f27>] ? try_to_wake_up+0x199/0x199
[   56.283512]  [<ffffffff81263a5c>] ? tty_ldisc_hangup+0x222/0x298
[   56.283512]  [<ffffffff81300171>] ? edge_close+0x64/0x129
[   56.283512]  [<ffffffff810612f7>] ? __wake_up+0x35/0x46
[   56.283512]  [<ffffffff8106135b>] ? should_resched+0x5/0x23
[   56.283512]  [<ffffffff81264916>] ? tty_port_shutdown+0x39/0x44
[   56.283512]  [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
[   56.283512]  [<ffffffff8125d38c>] ? __tty_hangup+0x307/0x351
[   56.283512]  [<ffffffff812e6ddc>] ? usb_hcd_flush_endpoint+0xde/0xed
[   56.283512]  [<ffffffff8144e625>] ? _raw_spin_lock_irqsave+0x14/0x35
[   56.283512]  [<ffffffff812fd361>] ? usb_serial_disconnect+0x57/0xc2
[   56.283512]  [<ffffffff812ea99b>] ? usb_unbind_interface+0x5c/0x131
[   56.283512]  [<ffffffff8128d738>] ? __device_release_driver+0x7f/0xd5
[   56.283512]  [<ffffffff8128d9cd>] ? device_release_driver+0x1a/0x25
[   56.283512]  [<ffffffff8128d393>] ? bus_remove_device+0xd2/0xe7
[   56.283512]  [<ffffffff8128b7a3>] ? device_del+0x119/0x167
[   56.283512]  [<ffffffff812e8d9d>] ? usb_disable_device+0x6a/0x180
[   56.283512]  [<ffffffff812e2ae0>] ? usb_disconnect+0x81/0xe6
[   56.283512]  [<ffffffff812e4435>] ? hub_thread+0x577/0xe82
[   56.283512]  [<ffffffff8144daa7>] ? __schedule+0x490/0x4be
[   56.283512]  [<ffffffff8105798f>] ? abort_exclusive_wait+0x79/0x79
[   56.283512]  [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
[   56.283512]  [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
[   56.283512]  [<ffffffff810570b4>] ? kthread+0x81/0x89
[   56.283512]  [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
[   56.283512]  [<ffffffff8145387c>] ? ret_from_fork+0x7c/0xb0
[   56.283512]  [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
[   56.283512] Code: 8b 7c 24 08 e8 17 0b c3 ff 48 8b 04 24 48 83 c4 10 c3 53 48 89 fb 41 50 e8 e0 0a c3 ff 48 89 04 24 e8 e7 0a c3 ff ba 00 00 01 00
<f0> 0f c1 13 48 8b 04 24 89 d1 c1 ea 10 66 39 d1 74 07 f3 90 66
[   56.283512] RIP  [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[   56.283512]  RSP <ffff88001fa99ab0>
[   56.283512] CR2: 00000000000001c8
[   56.283512] ---[ end trace 49714df27e1679ce ]---

Signed-off-by: Wolfgang Frisch <wfpub@roembden.net>
Cc: Johan Hovold <jhovold@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-17 17:34:39 -08:00
..
accessibility
acpi Merge branch 'x86-acpi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-14 10:03:23 -08:00
amba Merge tag 'tegra-for-3.8-fixes-for-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/swarren/linux-tegra into fixes 2012-12-17 10:04:27 -08:00
ata 1) More ACPI fixes 2012-12-15 12:37:18 -08:00
atm solos-pci: double lock in geos_gpio_store() 2012-12-21 13:14:00 -08:00
auxdisplay
base vfs: turn is_dir argument to kern_path_create into a lookup_flags arg 2012-12-20 18:50:02 -05:00
bcma MTD pull for 3.8 2012-12-19 12:47:41 -08:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-12-20 14:00:13 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-12-12 18:07:07 -08:00
bus ARM: OMAP: Fix drivers to depend on omap for internal devices 2012-12-16 15:23:37 -08:00
cdrom
char Some nice cleanups, and even a patch my wife did as a "live" demo for 2012-12-20 08:37:05 -08:00
clk MTD pull for 3.8 2012-12-19 12:47:41 -08:00
clocksource ARM: arm-soc: Updates for Marvell mvebu/kirkwood 2012-12-14 14:54:26 -08:00
connector
cpufreq ACPI and power management updates for 3.8-rc1 2012-12-11 12:45:35 -08:00
cpuidle ARM: arm-soc: SoC updates for 3.8 2012-12-12 12:05:15 -08:00
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
dca
devfreq Merge branch 'pm-devfreq' 2012-12-07 23:13:36 +01:00
dio
dma dmatest: check for dma mapping error 2012-12-17 17:15:13 -08:00
edac Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-12-14 14:27:45 -08:00
eisa
extcon
firewire Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
firmware drivers/firmware/dmi_scan.c: fetch dmi version from SMBIOS if it exists 2012-12-20 17:40:19 -08:00
gpio gpio/mvebu-gpio: Make mvebu-gpio depend on OF_CONFIG 2012-12-19 22:15:14 +00:00
gpu Revert "drm: tegra: protect DC register access with mutex" 2012-12-30 21:58:20 +10:00
hid Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-12-13 19:22:22 -08:00
hsi
hv
hwmon hwmon: (emc6w201) Fix DIV_ROUND_CLOSEST problem with unsigned divisors 2012-12-22 02:16:40 -08:00
hwspinlock
i2c i2c: remove __dev* attributes from subsystem 2012-12-22 20:13:45 +01:00
ide
idle
iio This is the MFD patch set for the 3.8 merge window. 2012-12-16 18:55:20 -08:00
infiniband Second batch of InfiniBand/RDMA changes for 3.8: 2012-12-21 16:40:26 -08:00
input Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-19 12:56:42 -08:00
iommu IOMMU Updates for Linux v3.8 2012-12-20 10:07:25 -08:00
ipack TTY/Serial merge for 3.8-rc1 2012-12-11 14:08:47 -08:00
irqchip ARM: arm-soc: Device-tree updates, take 2 2012-12-14 14:42:53 -08:00
isdn mISDN: fix race in timer canceling on module unloading 2012-12-14 13:14:07 -05:00
leds leds: leds-gpio: set devm_gpio_request_one() flags param correctly 2013-01-02 17:58:41 -08:00
lguest lguest: fix typo 2012-12-18 15:19:06 +10:30
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
md Miscellaneous device-mapper fixes, cleanups and performance improvements. 2012-12-21 17:08:06 -08:00
media ARM: arm-soc: late cleanups for omap 2012-12-30 09:59:21 -08:00
memory
memstick
message drivers/message/fusion/mptscsih.c: missing break 2012-12-18 15:02:12 -08:00
mfd ARM: arm-soc fixes for 3.8 2012-12-20 07:21:54 -08:00
misc Merge git://www.linux-watchdog.org/linux-watchdog 2012-12-21 17:10:29 -08:00
mmc This is the MFD patch set for the 3.8 merge window. 2012-12-16 18:55:20 -08:00
mtd Nothing exciting, just clean-ups and nicification. Oh, and one small 2012-12-20 07:39:03 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-12-27 10:40:30 -08:00
nfc
nubus
of of: Fix export of of_find_matching_node_and_match() 2012-12-19 10:58:53 +00:00
oprofile
parisc
parport
pci PCI: Reduce Ricoh 0xe822 SD card reader base clock frequency to 50MHz 2012-12-26 10:43:06 -07:00
pcmcia ARM: arm-soc: Header cleanups 2012-12-12 11:45:16 -08:00
pinctrl pinctrl: exynos5440/samsung: Staticize pcfgs 2012-12-18 19:00:25 -08:00
platform Corentin has moved 2012-12-17 17:15:14 -08:00
pnp Driver core updates for 3.8-rc1 2012-12-11 13:13:55 -08:00
power ARM: arm-soc: late cleanups for omap 2012-12-30 09:59:21 -08:00
pps
ps3
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-12-12 18:07:07 -08:00
pwm pwm: Changes for v3.8-rc1 2012-12-19 08:19:07 -08:00
rapidio Driver core updates for 3.8-rc1 2012-12-11 13:13:55 -08:00
regulator Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
remoteproc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
rpmsg virtio: rpmsg: make it clear that virtqueue_add_buf() no longer returns > 0 2012-12-18 15:20:36 +10:30
rtc revert "rtc: recycle id when unloading a rtc driver" 2012-12-20 17:40:20 -08:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-12-13 14:20:19 -08:00
sbus
scsi Second batch of InfiniBand/RDMA changes for 3.8: 2012-12-21 16:40:26 -08:00
sfi
sh
sn
spi spi/sh-hspi: fix return value check in hspi_probe(). 2012-12-19 15:11:41 +00:00
ssb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-12-14 14:27:45 -08:00
staging Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-12-17 15:44:47 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-12-15 14:25:10 -08:00
tc
thermal Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
tty Merge branch 'omap-for-v3.8/fixes-for-merge-window' into omap-for-v3.8/fixes-for-merge-window-v2 2012-12-16 11:28:10 -08:00
uio ARM: arm-soc: SoC updates for 3.8 2012-12-12 12:05:15 -08:00
usb USB: io_ti: Fix NULL dereference in chase_port() 2013-01-17 17:34:39 -08:00
uwb
vfio vfio-pci: Enable device before attempting reset 2012-12-07 13:43:51 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-12-15 14:25:10 -08:00
video backlight: locomolcd: fix checkpatch error and warning 2012-12-18 15:02:11 -08:00
virt Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
virtio Some nice cleanups, and even a patch my wife did as a "live" demo for 2012-12-20 08:37:05 -08:00
vlynq
vme
w1 ARM: OMAP: Fix drivers to depend on omap for internal devices 2012-12-16 15:23:37 -08:00
watchdog watchdog: twl4030_wdt: add DT support 2013-01-02 12:07:05 +01:00
xen Feature: 2012-12-16 17:39:14 -08:00
zorro
Kconfig
Makefile