[linux-usb-devel] Re: [PATCH] cdc-acm clear tty field on last close

[Paul Fulghum]

On Mon, 2006-03-13 at 10:21 -0800, Pete Zaitcev wrote:
> On Mon, 13 Mar 2006 09:51:20 -0600, Paul Fulghum <[EMAIL PROTECTED]> wrote:
> 
> > Signed-off-by: Paul Fulghum <[EMAIL PROTECTED]>
> 
> > +++ b/drivers/usb/class/cdc-acm.c   2006-03-13 09:33:23.000000000 -0600
> > @@ -517,6 +517,7 @@ static void acm_tty_close(struct tty_str
> >                             usb_kill_urb(acm->ru[i].urb);
> >             } else
> >                     acm_tty_unregister(acm);
> > +           acm->tty = NULL;
> 
> Paul, this cannot possibly be correct! The acm_tty_unregister frees
> its argument.

You are right, but only for the path that calls acm_tty_unregister().

For the other path, acm remains with a pointer to a tty which
will be released on return from acm_tty_close().

So how about this:

--- linux-2.6.16-rc5/drivers/usb/class/cdc-acm.c        2006-02-27 
14:40:21.000000000 -0600
+++ b/drivers/usb/class/cdc-acm.c       2006-03-13 12:28:19.000000000 -0600
@@ -515,6 +515,7 @@ static void acm_tty_close(struct tty_str
                        usb_kill_urb(acm->writeurb);
                        for (i = 0; i < ACM_NRU; i++)
                                usb_kill_urb(acm->ru[i].urb);
+                       acm->tty = NULL;
                } else
                        acm_tty_unregister(acm);
        }



> What we actually want is something like this:
> 
> --- linux-2.6.16-rc5/drivers/usb/class/cdc-acm.c      2006-02-26 
> 23:04:29.000000000 -0800
> +++ linux-2.6.16-rc5-lem/drivers/usb/class/cdc-acm.c  2006-03-13 
> 10:20:21.000000000 -0800
> @@ -256,7 +256,7 @@ static void acm_ctrl_irq(struct urb *urb
>  
>                       newctrl = le16_to_cpu(get_unaligned((__le16 *) data));
>  
> -                     if (acm->tty && !acm->clocal && (acm->ctrlin & ~newctrl 
> & ACM_CTRL_DCD)) {
> +                     if (!acm->clocal && (acm->ctrlin & ~newctrl & 
> ACM_CTRL_DCD)) {
>                               dbg("calling hangup");
>                               tty_hangup(acm->tty);
>                       }
> @@ -1049,10 +1049,8 @@ static void acm_disconnect(struct usb_in
>               return;
>       }
>  
> +     tty_hangup(acm->tty);
>       up(&open_sem);
> -
> -     if (acm->tty)
> -             tty_hangup(acm->tty);
>  }
>  
>  /*

I'm not sure what you are trying to do here. 
acm->tty becomes invalid after the last tty close.
You need to NULL that pointer and check for NULL
so you don't touch memory that has been released.

-- 
Paul Fulghum
Microgate Systems, Ltd



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel