Hi,

During the last few days Oliver Neukum and I
exchanged some messages about fixing usb-serial.c.
We came to an agreement and I made a patch
(which should be applied after 3 patches, which
were posted by Oliver on 1/2/07 at
linux-usb-devel@lists.sourceforge.net).

We agreed that usb-serial had the following errors:
1) serial table is not protected by locks. 
kref_get() may be called on freed memory
2) probe() exposes uninitialized devices
3) disconnect() does not make sure there's no more IO
to unbound devices
4) try_module_get() is called with unprotected
pointers
5) there's a race between write() and disconnect()

Oliver fixed most of these issues in the 1/2/07 patch.

After that I also fixed the following errors:

6) pointers in serial_table were not ref-counted,
that is when a pointer was copied to serial_table,
ref count was not incremented, which resulted
in ref count reaching 0 while there were still
pointers in serial_table and serial_open taking
an invalid pointer from there.

The solution to that is to add kref_get to
get_free_serial:
+  kref_get(&serial->kref);
  serial_table[i] = serial;
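Review bot: the added kref_get(&serial->kref) in get_free_serial is only balanced if it runs once for every slot that serial_table[i] = serial fills, because return_serial drops one reference per slot with usb_serial_put(serial). If the assignment sits inside a per-port loop, please confirm the kref_get is inside that loop as well, and that both lines run under the lock that protects serial_table, so a reader that finds the pointer always sees the count already raised.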

and usb_serial_put to return_serial:
  serial_table[serial->minor + i] = NULL;
+ usb_serial_put(serial);
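Review bot: in return_serial the added usb_serial_put(serial) can drop the last reference, yet the index serial->minor + i is read from the object again for the next slot. Copying serial->minor (and the loop bound, if it also comes from serial) into locals before the first put would avoid touching the object after it may have been freed.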

7) serial->type->shutdown called from destroy_serial,
which may be called after usb_serial_disconnect
already exited, which means that client drivers have no
way to kill outstanding URBs before
usb_serial_disconnect exits, which
means that IO may continue when it should not.

The solution to this is to add the following variables
to usb_serial structure:
 spinlock_t  lock;
 int    lock_count;
 int    shutdown_called;
 wait_queue_head_t shutdown_wait;

and provide routines serial_lock and serial_unlock
to be called by every serial_* routine
before and after using serial pointer.

Also routine serial_lock_and_wait_before_shutdown
to be called from usb_serial_disconnect
to block it until all serial_* routines finish
using serial pointer.

Then usb_serial_disconnect calls
serial->type->shutdown,
which I moved back from destroy_serial.

I attached my patches, which should be applied
after Oliver's 3 patches.

Please comment.

Thank you
John


Attachment: usb-serial.c_20070104.diff
Description: 4284928108-usb-serial.c_20070104.diff

Attachment: serial.h_20070104.diff
Description: 827676511-serial.h_20070104.diff
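
Added example, not part of the mail above, its attached patches or the kernel source: a single-threaded userspace C model of item 6, in which every serial_table slot holds its own reference so a pointer found in the table is never stale. The struct layout, the SERIAL_TTY_MINORS value and all function bodies are assumptions made for illustration, and locking is left out.

```c
/* Userspace model (constructed for illustration, not kernel code) of
 * item 6: every serial_table slot owns one reference. No locking here. */
#include <stddef.h>
#define SERIAL_TTY_MINORS 8   /* assumed table size for the model */
struct usb_serial { int refs, minor, num_ports, destroyed; };
static struct usb_serial *serial_table[SERIAL_TTY_MINORS];

static void kref_get(struct usb_serial *s) { s->refs++; }

/* Stand-in for usb_serial_put(): the last put "destroys" the object. */
static void usb_serial_put(struct usb_serial *s)
{
    if (--s->refs == 0) s->destroyed = 1;
}

/* Claim num_ports consecutive free slots, one reference per slot. */
static int get_free_serial(struct usb_serial *s, int num_ports)
{
    for (int base = 0; base + num_ports <= SERIAL_TTY_MINORS; base++) {
        int j = 0;
        while (j < num_ports && !serial_table[base + j])
            j++;
        if (j < num_ports)
            continue;                    /* range not free, try next base */
        s->minor = base; s->num_ports = num_ports;
        for (j = 0; j < num_ports; j++) {
            kref_get(s);                 /* count raised before publishing */
            serial_table[base + j] = s;
        }
        return 0;
    }
    return -1;
}

/* Release the table's refs; fields are copied first because the final
 * put may destroy the object. */
static void return_serial(struct usb_serial *s)
{
    int minor = s->minor, n = s->num_ports;
    for (int i = 0; i < n; i++) {
        serial_table[minor + i] = NULL;
        usb_serial_put(s);
    }
}

/* Model of the lookup in serial_open(): take a ref on what is found. */
static struct usb_serial *serial_open(int minor)
{
    struct usb_serial *s = serial_table[minor];
    if (s) kref_get(s);
    return s;
}
```
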
