Oliver,

The callback came from this function:

static void read_rxcmd_callback(struct urb *urb)
{
        struct usb_serial_port *port = (struct usb_serial_port *)urb->context;
        int result;
        dbg("%s - enter", __FUNCTION__);

        dbg("%s - urb->status = %d", __FUNCTION__, urb->status);

        if (urb->status) {
                dbg("%s - urb->status = %d", __FUNCTION__, urb->status);
                /* error stop all */
                return;
        }

        usb_fill_bulk_urb(port->read_urb, port->serial->dev,
                          usb_rcvbulkpipe(port->serial->dev,
                                          port->bulk_in_endpointAddress),
                          port->read_urb->transfer_buffer, 256,
                          iuu_uart_read_callback, port);
        result = usb_submit_urb(port->read_urb, GFP_ATOMIC);
        dbg("%s - submit result = %d", __FUNCTION__, result);
        return;
}


And dbg("%s - submit result = %d", __FUNCTION__, result) always displays
result = 0...

I don't understand how it could happen...
Now with this check I have another problem: an oops "unable to handle kernel 
paging request" in another module... I can't explain why...
My code runs for 1 to 5 minutes but suddenly I have a kernel panic 
that doesn't appear to come from my module.

I am beginning to go nuts because I have been trying to understand this for a 
week without any clue. The panic always shows an EIP that has nothing to do 
with my module.

One of the panics was due to a NULL dereference and this is why I have added 
this check, and the difference is that the kernel can run 3 to 5 minutes (before 
it was only for 10 to 60 seconds)... So I progress, but it is nonsense to search 
like that. Even with SysRq + t, I don't see anything that can explain the 
problem.

Alain


-----Original Message-----
From: Oliver Neukum [mailto:[EMAIL PROTECTED] 
Sent: Sunday, 29 July 2007 21:42
To: linux-usb-devel@lists.sourceforge.net
Cc: [EMAIL PROTECTED]
Subject: Re: [linux-usb-devel] [PATCH] USB Pegasus driver - avoid a potential 
NULL pointer dereference.

On Sunday, 29 July 2007, [EMAIL PROTECTED] wrote:
> I have the same problem in my development..
> 
> Somewhere  in my code:
> 
>         unsigned char *data = urb->transfer_buffer ;
> ....
>         if ( data == NULL )
>                         dbg("%s - data is NULL !!!",__FUNCTION__ );
> 
>         if ( urb->actual_length == 1  && data != NULL )
>                 len = (int) data[0];
> 
> 
> If I don't do this check in a USB callback function, I get a kernel panic
> from a NULL pointer dereference!
> But the fun stuff in this story is that I never see the debug "data is NULL
> !!!" so this never happens if I do this check....

urb->transfer_buffer is set by the caller. Usbcore should never change
it. What do you set it to?

        Regards
                Oliver


