OK, if I got you right, usb-serial is not supposed to
access any USB stuff after usb_serial_disconnect
because device to driver association is already broken
(even if usb_device structure is still 
in memory by means of ref counting),


In fact, I just noticed the following comment
(in usb_get_dev):

 * usb_get_dev - increments the reference count of the
usb device structure
 * @dev: the device being referenced
 *
 * Each live reference to a device should be
refcounted.
 *
 * Drivers for USB interfaces should normally record
such references in
 * their probe() methods, when they bind to an
interface, and release
 * them by calling usb_put_dev(), in their
disconnect() methods.

But usb-serial.c breaks this rule because it calls
usb_put_dev not in usb_serial_disconnect, but in 
destroy_serial. destroy_serial is usually called
from usb_serial_disconnect except in case of
the serial_open/usb_serial_disconnect race condition.

So, this seems to prove that we cannot simply
ref-count usb_serial and execute destroy_serial
after usb_serial_disconnect already returned.

This means that usb_serial_disconnect have to wait
on serial_open and any other serial_* functions
to finish. And the body of destroy_serial
(or at least, most of it)
should be returned back to usb_serial_disconnect

Am I right this time?

John



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel

Reply via email to