On Tue, 27 Jul 2004 10:37:25 -0400 (EDT)
Alan Stern <[EMAIL PROTECTED]> wrote:

> > On Tue, 27 Jul 2004 00:52:52 -0500
> > Dmitry Torokhov <[EMAIL PROTECTED]> wrote:
> > 
> > > Got the following Oops when turning off an all-in-one USB printer/scanner
> > > after scanning an image with Xsane and leaving Xsane window open.
> > 
> > > EIP is at usb_buffer_free+0x1a/0x50 [usbcore]
> > > Process ptal-mlcd (pid: 2292, threadinfo=dd77c000 task=df8e80f0)
> > > Call Trace:
> > >  [<c01054fa>] show_stack+0x7a/0x90
> > >  [<c010567a>] show_registers+0x14a/0x1b0
> > >  [<c010580d>] die+0x8d/0x100
> > >  [<c0114097>] do_page_fault+0x1f7/0x540
> > >  [<c0105195>] error_code+0x2d/0x38
> > >  [<e0f153de>] usblp_cleanup+0x3e/0x90 [usblp]
> > >  [<e0f154b7>] usblp_release+0x57/0x60 [usblp]
> > >  [<c014f437>] __fput+0x117/0x130
> > >  [<c014dcdf>] filp_close+0x4f/0x80
> > >  [<c0104feb>] syscall_call+0x7/0xb

> I suspect Pete's patch doesn't really address this problem.  The oops is
> caused by the fact that usblp_release() calls usblp_cleanup() which in 
> turn calls usb_buffer_free() _after_ usblp_disconnect() has returned and 
> the device is gone.  That's not a good thing to do.

I agree with Alan's logic. On 2.4 it never showed up because
it uses a simple kfree() instead of usb_buffer_free(), and thus
my patch was sufficient. I can swear I saw a very similar traceback
though.

> The patch below (which can be used independently of Pete's patch) should
> fix this problem.  It moves the call to usb_buffer_free() out of the
> cleanup routine and into the disconnect routine.  Be warned that I haven't 
> tested it!

> Signed-off-by: Alan Stern <[EMAIL PROTECTED]>

> @@ -1160,6 +1156,10 @@
>       usb_set_intfdata (intf, NULL);
>  
>       usblp_unlink_urbs(usblp);
> +     usb_buffer_free (usblp->dev, USBLP_BUF_SIZE,
> +                     usblp->writebuf, usblp->writeurb->transfer_dma);
> +     usb_buffer_free (usblp->dev, USBLP_BUF_SIZE,
> +                     usblp->readbuf, usblp->readurb->transfer_dma);
>       up (&usblp->sem);
>  
>       if (!usblp->used)
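
Review bot: After the two added usb_buffer_free() calls, usblp->writebuf and usblp->readbuf still hold the freed addresses, and the `if (!usblp->used)` test right below shows the usblp structure can stay alive past disconnect while a file is still open. Please either set both pointers to NULL after freeing, or note in a comment which check keeps the read/write paths away from the buffers once the device is gone, so a later access fails cleanly instead of touching freed DMA memory. The calls also dereference usblp->writeurb->transfer_dma and usblp->readurb->transfer_dma, so the URBs must not be freed before this point; a one-line comment stating that ordering requirement would help whoever next touches the teardown path.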

I checked it against the lifetime (probe to disconnect) and leakage
(by invariant), the patch seems ok. It should not be racy either, because
in-flight URBs receive -84 before disconnect is called. Again, not tested
here because not applicable to 2.4.

I suggest we ask Vojtech to apply, see what happens. :-)

-- Pete

