On Tue, Jan 24, 2006 at 11:29:50PM -0800, Pete Zaitcev wrote: > We have reasonable new kernels in Rawhide, 2.6.15 or 2.6.16-rc1, and they > do this: > > visor 2-1:1.0: Handspring Visor / Palm OS converter detected > usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 > usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 > usbcore: registered new driver visor > drivers/usb/serial/visor.c: USB HandSpring Visor / Palm OS driver > usb 2-1: USB disconnect, address 2 > visor 2-1:1.0: device disconnected > visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from > ttyUSB0 > visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from > ttyUSB1 > Slab corruption: (Not tainted) start=ea550da0, len=1024 > Redzone: 0x5a2cf071/0x5a2cf071. > Last user: [<c0227086>](device_release+0x14/0x47) > [<c0151247>] check_poison_obj+0x73/0x161 [<c0151379>] > cache_alloc_debugcheck_after+0x1f/0xea > [<c01524ed>] kmem_cache_alloc+0x70/0x79 [<c0139399>] > audit_alloc+0x5e/0xba > [<c0139399>] audit_alloc+0x5e/0xba [<c011981f>] copy_process+0x463/0x116d > [<c02e02bb>] _read_unlock_irq+0x5/0x7 [<c013aba2>] > find_get_page+0x39/0x3f > [<c01452f6>] __handle_mm_fault+0x418/0x78e [<c011a76e>] > do_fork+0x85/0x190 > [<c0139014>] audit_syscall_entry+0x118/0x13f [<c01055e0>] > do_syscall_trace+0x104/0x14a > [<c01011b5>] sys_clone+0x28/0x2d [<c0102ba9>] syscall_call+0x7/0xb > 010: 6b 6b 6b 6b 6b 6b 6b 6b 6c 6b 6b 6b 6b 6b 6b 6b > Prev obj: start=ea550994, len=1024 > Redzone: 0x170fc2a5/0x170fc2a5. > Last user: [<c016b21b>](expand_files+0x104/0x2e8) > > Anyone seen this? It only happens with gpilot apparently, but not with > pilot-link. The gpilot somehow makes the Treo 650 to disconnect, and > that apparently triggers a use-after-free in visor... Or something.
I don't have a visor device to even test this driver on anymore, but I have not had any other reports of this. I do know the whole disconnect/close area of this driver has had races in the past, due to the way the hardware works (it disconnects itself when it is finished, which is usually before userspace closes the device.) Good new is, next version of pilot-link (or possibly this version) accesses the device through libusb/usbfs, and doesn't touch the kernel driver at all. thanks, greg k-h ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ [email protected] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
