Hi,
Here's a patch against 2.4.5 for the USB bluetooth driver that fixes an
oops that can happen when unplugging the device while the stack is still
running. This problem was found by both Mikko Rahkonen and the CHECKER
project.
thanks,
greg k-h
diff -Nru a/drivers/usb/bluetooth.c b/drivers/usb/bluetooth.c
--- a/drivers/usb/bluetooth.c Mon May 28 23:11:23 2001
+++ b/drivers/usb/bluetooth.c Mon May 28 23:11:23 2001
@@ -1,11 +1,15 @@
/*
- * bluetooth.c Version 0.8
+ * bluetooth.c Version 0.9
*
- * Copyright (c) 2000 Greg Kroah-Hartman <[EMAIL PROTECTED]>
+ * Copyright (c) 2000, 2001 Greg Kroah-Hartman <[EMAIL PROTECTED]>
* Copyright (c) 2000 Mark Douglas Corner <[EMAIL PROTECTED]>
*
* USB Bluetooth driver, based on the Bluetooth Spec version 1.0B
*
+ * (2001/05/28) Version 0.9 gkh
+ * Fixed problem with bluetooth==NULL for bluetooth_read_bulk_callback
+ * which was found by both the CHECKER project and Mikko Rahkonen.
+ *
* (08/04/2001) gb
* Identify version on module load.
*
@@ -97,7 +101,7 @@
/*
* Version Information
*/
-#define DRIVER_VERSION "v0.8"
+#define DRIVER_VERSION "v0.9"
#define DRIVER_AUTHOR "Greg Kroah-Hartman, Mark Douglas Corner"
#define DRIVER_DESC "USB Bluetooth driver"
@@ -845,21 +849,6 @@
unsigned int packet_size;
int result;
-#ifdef BTBUGGYHARDWARE
- if ((count == 4) && (data[0] == 0x00) && (data[1] == 0x00)
- && (data[2] == 0x00) && (data[3] == 0x00)) {
- urb->actual_length = 0;
- FILL_BULK_URB(bluetooth->read_urb, bluetooth->dev,
- usb_rcvbulkpipe(bluetooth->dev,
bluetooth->bulk_in_endpointAddress),
- bluetooth->bulk_in_buffer,
bluetooth->bulk_in_buffer_size,
- bluetooth_read_bulk_callback, bluetooth);
- result = usb_submit_urb(bluetooth->read_urb);
- if (result)
- err (__FUNCTION__ " - failed resubmitting read urb, error %d",
result);
-
- return;
- }
-#endif
dbg(__FUNCTION__);
@@ -887,6 +876,21 @@
printk ("\n");
}
#endif
+#ifdef BTBUGGYHARDWARE
+ if ((count == 4) && (data[0] == 0x00) && (data[1] == 0x00)
+ && (data[2] == 0x00) && (data[3] == 0x00)) {
+ urb->actual_length = 0;
+ FILL_BULK_URB(bluetooth->read_urb, bluetooth->dev,
+ usb_rcvbulkpipe(bluetooth->dev,
+bluetooth->bulk_in_endpointAddress),
+ bluetooth->bulk_in_buffer,
+bluetooth->bulk_in_buffer_size,
+ bluetooth_read_bulk_callback, bluetooth);
+ result = usb_submit_urb(bluetooth->read_urb);
+ if (result)
+ err (__FUNCTION__ " - failed resubmitting read urb, error %d",
+result);
+
+ return;
+ }
+#endif
/* We add a packet type identifier to the beginning of each
HCI frame. This makes the data in the tty look like a
serial USB devices. Each HCI frame can be broken across
@@ -934,6 +938,9 @@
}
exit:
+ if (!bluetooth || !bluetooth->active)
+ return;
+
FILL_BULK_URB(bluetooth->read_urb, bluetooth->dev,
usb_rcvbulkpipe(bluetooth->dev,
bluetooth->bulk_in_endpointAddress),
bluetooth->bulk_in_buffer, bluetooth->bulk_in_buffer_size,
