More usb-serial problems

From: Alan Stern
Date: Thu Aug 20 2009 - 15:33:48 EST


Alan:

I have uncovered yet another problem with usb-serial. The refcount of
the tty_struct is getting set wrong.

I didn't trace it fully, but here's what I found. Opening the device
increases the refcount from 1 to 2. Closing the device decreases the
refcount all the way to 0, causing the structure to be deallocated.
The next time a program tries to open it, there's an access violation.

The two decrements occur in the following paths:

tty_release_dev -> serial_close -> tty_port_tty_set -> tty_kref_put

tty_release_dev -> release_tty -> tty_kref_put

Those both seem reasonable, which suggests that something is wrong
with __tty_open. I tried replacing

filp->private_data = tty;

with

filp->private_data = tty_kref_get(tty);

but that failed dismally (no tty device could be opened more than
once). Maybe you have already run across this problem, but if you
haven't, please take a look.

Alan Stern
