mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-11 16:29:05 +00:00
9a6b1efa6f
When a usb serial adapter is used as console, the usb serial console
driver bumps the open_count on the port struct used but doesn't attach
a real tty to it (only a fake one temporaly). If this port is opened later
using the regular character device interface, the open method won't
initialize the port, which is the expected, and will receive a brand new
tty struct created by tty layer, which will be stored in port->tty.
When the last close is issued, open_count won't be 0 because of the
console usage and the port->tty will still contain the old tty value. This
is the last ttyUSB<n> close so the allocated tty will be freed by the
tty layer. The usb_serial and usb_serial_port are still in use by the
console, so port_free() won't be called (serial_close() ->
usb_serial_put() -> destroy_serial() -> port_free()), so the scheduled
work (port->work, usb_serial_port_work()) will still run. And
usb_serial_port_work() does:
(...)
tty = port->tty;
if (!tty)
return;
tty_wakeup(tty);
which causes (manually copied):
Faulting instruction address: 0x6b6b6b68
Oops: Kernel access of bad area, sig: 11 [#1]
PREEMPT PowerMac
Modules linked in: binfmt_misc ipv6 nfs lockd nfs_acl sunrpc dm_snapshot dm_mirror dm_mod hfsplus uinput ams input_polldev genrtc cpufreq_powersave i2c_powermac therm_adt746x snd_aoa_codec_tas snd_aoa_fabric_layout snd_aoa joydev snd_aoa_i2sbus snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc pmac_zilog serial_core evdev ide_cd cdrom snd appletouch soundcore snd_aoa_soundbus bcm43xx firmware_class usbhid ieee80211softmac ff_memless firewire_ohci firewire_core ieee80211 ieee80211_crypt crc_itu_t sungem sungem_phy uninorth_agp agpart ssb
NIP: 6b6b6b68 LR: c01b2108 CTR: 6b6b6b6b
REGS: c106de80 TRAP: 0400 Not tainted (2.6.24-rc2)
MSR: 40009032 <EE,ME,IR,DR> CR: 82004024 XER: 00000000
TASK = c106b4c0[5] 'events/0' THREAD: c106c000
GPR00: 6b6b6b6b c106df30 c106b4c0 c2d613a0 00009032 00000001 00001a00 00000001
GPR08: 00000008 00000000 00000000 c106c000 42004028 00000000 016ffbe0 0171a724
GPR16: 016ffcf4 00240e24 00240e70 016fee68 016ff9a4 c03046c4 c0327f50 c03046fc
GPR24: c106b6b9 c106b4c0 c101d610 c106c000 c02160fc c1eac1dc c2d613ac c2d613a0
NIP [6b6b6b68] 0x6b6b6b68
LR [c01b2108] tty_wakeup+0x6c/0x9c
Call Trace:
[c106df30] [c01b20e8] tty_wakeup+0x4c/0x9c (unreliable)
[c106df40] [c0216138] usb_serial_port_work+0x3c/0x78
[c106df50] [c00432e8] run_workqueue+0xc4/0x15c
[c106df90] [c0043798] worker_thread+0xa0/0x124
[c106dfd0] [c0048224] kthread+0x48/0x84
[c106dff0] [c00129bc] kernel_thread+0x44/0x60
Instruction dump:
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
Slab corruption: size-2048 start=c2d613a0, len=2048
Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
Last user: [<c01b16d8>](release_one_tty+0xbc/0xf4)
050: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Prev obj: start=c2d60b88, len=2048
Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
Last user: [<c00f30ec>](show_stat+0x410/0x428)
000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
This patch avoids this, clearing port->tty considering if the port is
used as serial console or not
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
326 lines
13 KiB
C
326 lines
13 KiB
C
/*
|
|
* USB Serial Converter stuff
|
|
*
|
|
* Copyright (C) 1999 - 2005
|
|
* Greg Kroah-Hartman (greg@kroah.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; version 2 of the License.
|
|
*
|
|
*/
|
|
|
|
|
|
#ifndef __LINUX_USB_SERIAL_H
|
|
#define __LINUX_USB_SERIAL_H
|
|
|
|
#include <linux/kref.h>
|
|
#include <linux/mutex.h>
|
|
|
|
#define SERIAL_TTY_MAJOR 188 /* Nice legal number now */
|
|
#define SERIAL_TTY_MINORS 255 /* loads of devices :) */
|
|
|
|
#define MAX_NUM_PORTS 8 /* The maximum number of ports one device can grab at once */
|
|
|
|
/* parity check flag */
|
|
#define RELEVANT_IFLAG(iflag) (iflag & (IGNBRK|BRKINT|IGNPAR|PARMRK|INPCK))
|
|
|
|
/**
|
|
* usb_serial_port: structure for the specific ports of a device.
|
|
* @serial: pointer back to the struct usb_serial owner of this port.
|
|
* @tty: pointer to the corresponding tty for this port.
|
|
* @lock: spinlock to grab when updating portions of this structure.
|
|
* @mutex: mutex used to synchronize serial_open() and serial_close()
|
|
* access for this port.
|
|
* @number: the number of the port (the minor number).
|
|
* @interrupt_in_buffer: pointer to the interrupt in buffer for this port.
|
|
* @interrupt_in_urb: pointer to the interrupt in struct urb for this port.
|
|
* @interrupt_in_endpointAddress: endpoint address for the interrupt in pipe
|
|
* for this port.
|
|
* @interrupt_out_buffer: pointer to the interrupt out buffer for this port.
|
|
* @interrupt_out_size: the size of the interrupt_out_buffer, in bytes.
|
|
* @interrupt_out_urb: pointer to the interrupt out struct urb for this port.
|
|
* @interrupt_out_endpointAddress: endpoint address for the interrupt out pipe
|
|
* for this port.
|
|
* @bulk_in_buffer: pointer to the bulk in buffer for this port.
|
|
* @read_urb: pointer to the bulk in struct urb for this port.
|
|
* @bulk_in_endpointAddress: endpoint address for the bulk in pipe for this
|
|
* port.
|
|
* @bulk_out_buffer: pointer to the bulk out buffer for this port.
|
|
* @bulk_out_size: the size of the bulk_out_buffer, in bytes.
|
|
* @write_urb: pointer to the bulk out struct urb for this port.
|
|
* @bulk_out_endpointAddress: endpoint address for the bulk out pipe for this
|
|
* port.
|
|
* @write_wait: a wait_queue_head_t used by the port.
|
|
* @work: work queue entry for the line discipline waking up.
|
|
* @open_count: number of times this port has been opened.
|
|
* @throttled: nonzero if the read urb is inactive to throttle the device
|
|
* @throttle_req: nonzero if the tty wants to throttle us
|
|
*
|
|
* This structure is used by the usb-serial core and drivers for the specific
|
|
* ports of a device.
|
|
*/
|
|
struct usb_serial_port {
|
|
struct usb_serial * serial;
|
|
struct tty_struct * tty;
|
|
spinlock_t lock;
|
|
struct mutex mutex;
|
|
unsigned char number;
|
|
|
|
unsigned char * interrupt_in_buffer;
|
|
struct urb * interrupt_in_urb;
|
|
__u8 interrupt_in_endpointAddress;
|
|
|
|
unsigned char * interrupt_out_buffer;
|
|
int interrupt_out_size;
|
|
struct urb * interrupt_out_urb;
|
|
__u8 interrupt_out_endpointAddress;
|
|
|
|
unsigned char * bulk_in_buffer;
|
|
int bulk_in_size;
|
|
struct urb * read_urb;
|
|
__u8 bulk_in_endpointAddress;
|
|
|
|
unsigned char * bulk_out_buffer;
|
|
int bulk_out_size;
|
|
struct urb * write_urb;
|
|
int write_urb_busy;
|
|
__u8 bulk_out_endpointAddress;
|
|
|
|
wait_queue_head_t write_wait;
|
|
struct work_struct work;
|
|
int open_count;
|
|
char throttled;
|
|
char throttle_req;
|
|
char console;
|
|
struct device dev;
|
|
};
|
|
#define to_usb_serial_port(d) container_of(d, struct usb_serial_port, dev)
|
|
|
|
/* get and set the port private data pointer helper functions */
|
|
static inline void *usb_get_serial_port_data (struct usb_serial_port *port)
|
|
{
|
|
return dev_get_drvdata(&port->dev);
|
|
}
|
|
|
|
static inline void usb_set_serial_port_data (struct usb_serial_port *port, void *data)
|
|
{
|
|
dev_set_drvdata(&port->dev, data);
|
|
}
|
|
|
|
/**
|
|
* usb_serial - structure used by the usb-serial core for a device
|
|
* @dev: pointer to the struct usb_device for this device
|
|
* @type: pointer to the struct usb_serial_driver for this device
|
|
* @interface: pointer to the struct usb_interface for this device
|
|
* @minor: the starting minor number for this device
|
|
* @num_ports: the number of ports this device has
|
|
* @num_interrupt_in: number of interrupt in endpoints we have
|
|
* @num_interrupt_out: number of interrupt out endpoints we have
|
|
* @num_bulk_in: number of bulk in endpoints we have
|
|
* @num_bulk_out: number of bulk out endpoints we have
|
|
* @port: array of struct usb_serial_port structures for the different ports.
|
|
* @private: place to put any driver specific information that is needed. The
|
|
* usb-serial driver is required to manage this data, the usb-serial core
|
|
* will not touch this. Use usb_get_serial_data() and
|
|
* usb_set_serial_data() to access this.
|
|
*/
|
|
struct usb_serial {
|
|
struct usb_device * dev;
|
|
struct usb_serial_driver * type;
|
|
struct usb_interface * interface;
|
|
unsigned char minor;
|
|
unsigned char num_ports;
|
|
unsigned char num_port_pointers;
|
|
char num_interrupt_in;
|
|
char num_interrupt_out;
|
|
char num_bulk_in;
|
|
char num_bulk_out;
|
|
struct usb_serial_port * port[MAX_NUM_PORTS];
|
|
struct kref kref;
|
|
void * private;
|
|
};
|
|
#define to_usb_serial(d) container_of(d, struct usb_serial, kref)
|
|
|
|
#define NUM_DONT_CARE 99
|
|
|
|
/* get and set the serial private data pointer helper functions */
|
|
static inline void *usb_get_serial_data (struct usb_serial *serial)
|
|
{
|
|
return serial->private;
|
|
}
|
|
|
|
static inline void usb_set_serial_data (struct usb_serial *serial, void *data)
|
|
{
|
|
serial->private = data;
|
|
}
|
|
|
|
/**
|
|
* usb_serial_driver - describes a usb serial driver
|
|
* @description: pointer to a string that describes this driver. This string used
|
|
* in the syslog messages when a device is inserted or removed.
|
|
* @id_table: pointer to a list of usb_device_id structures that define all
|
|
* of the devices this structure can support.
|
|
* @num_interrupt_in: If a device doesn't have this many interrupt-in
|
|
* endpoints, it won't be sent to the driver's attach() method.
|
|
* (But it might still be sent to the probe() method.)
|
|
* @num_interrupt_out: If a device doesn't have this many interrupt-out
|
|
* endpoints, it won't be sent to the driver's attach() method.
|
|
* (But it might still be sent to the probe() method.)
|
|
* @num_bulk_in: If a device doesn't have this many bulk-in
|
|
* endpoints, it won't be sent to the driver's attach() method.
|
|
* (But it might still be sent to the probe() method.)
|
|
* @num_bulk_out: If a device doesn't have this many bulk-out
|
|
* endpoints, it won't be sent to the driver's attach() method.
|
|
* (But it might still be sent to the probe() method.)
|
|
* @num_ports: the number of different ports this device will have.
|
|
* @calc_num_ports: pointer to a function to determine how many ports this
|
|
* device has dynamically. It will be called after the probe()
|
|
* callback is called, but before attach()
|
|
* @probe: pointer to the driver's probe function.
|
|
* This will be called when the device is inserted into the system,
|
|
* but before the device has been fully initialized by the usb_serial
|
|
* subsystem. Use this function to download any firmware to the device,
|
|
* or any other early initialization that might be needed.
|
|
* Return 0 to continue on with the initialization sequence. Anything
|
|
* else will abort it.
|
|
* @attach: pointer to the driver's attach function.
|
|
* This will be called when the struct usb_serial structure is fully set
|
|
* set up. Do any local initialization of the device, or any private
|
|
* memory structure allocation at this point in time.
|
|
* @shutdown: pointer to the driver's shutdown function. This will be
|
|
* called when the device is removed from the system.
|
|
* @usb_driver: pointer to the struct usb_driver that controls this
|
|
* device. This is necessary to allow dynamic ids to be added to
|
|
* the driver from sysfs.
|
|
*
|
|
* This structure is defines a USB Serial driver. It provides all of
|
|
* the information that the USB serial core code needs. If the function
|
|
* pointers are defined, then the USB serial core code will call them when
|
|
* the corresponding tty port functions are called. If they are not
|
|
* called, the generic serial function will be used instead.
|
|
*
|
|
* The driver.owner field should be set to the module owner of this driver.
|
|
* The driver.name field should be set to the name of this driver (remember
|
|
* it will show up in sysfs, so it needs to be short and to the point.
|
|
* Useing the module name is a good idea.)
|
|
*/
|
|
struct usb_serial_driver {
|
|
const char *description;
|
|
const struct usb_device_id *id_table;
|
|
char num_interrupt_in;
|
|
char num_interrupt_out;
|
|
char num_bulk_in;
|
|
char num_bulk_out;
|
|
char num_ports;
|
|
|
|
struct list_head driver_list;
|
|
struct device_driver driver;
|
|
struct usb_driver *usb_driver;
|
|
struct usb_dynids dynids;
|
|
|
|
int (*probe) (struct usb_serial *serial, const struct usb_device_id *id);
|
|
int (*attach) (struct usb_serial *serial);
|
|
int (*calc_num_ports) (struct usb_serial *serial);
|
|
|
|
void (*shutdown) (struct usb_serial *serial);
|
|
|
|
int (*port_probe) (struct usb_serial_port *port);
|
|
int (*port_remove) (struct usb_serial_port *port);
|
|
|
|
int (*suspend) (struct usb_serial *serial, pm_message_t message);
|
|
int (*resume) (struct usb_serial *serial);
|
|
|
|
/* serial function calls */
|
|
int (*open) (struct usb_serial_port *port, struct file * filp);
|
|
void (*close) (struct usb_serial_port *port, struct file * filp);
|
|
int (*write) (struct usb_serial_port *port, const unsigned char *buf, int count);
|
|
int (*write_room) (struct usb_serial_port *port);
|
|
int (*ioctl) (struct usb_serial_port *port, struct file * file, unsigned int cmd, unsigned long arg);
|
|
void (*set_termios) (struct usb_serial_port *port, struct ktermios * old);
|
|
void (*break_ctl) (struct usb_serial_port *port, int break_state);
|
|
int (*chars_in_buffer) (struct usb_serial_port *port);
|
|
void (*throttle) (struct usb_serial_port *port);
|
|
void (*unthrottle) (struct usb_serial_port *port);
|
|
int (*tiocmget) (struct usb_serial_port *port, struct file *file);
|
|
int (*tiocmset) (struct usb_serial_port *port, struct file *file, unsigned int set, unsigned int clear);
|
|
|
|
void (*read_int_callback)(struct urb *urb);
|
|
void (*write_int_callback)(struct urb *urb);
|
|
void (*read_bulk_callback)(struct urb *urb);
|
|
void (*write_bulk_callback)(struct urb *urb);
|
|
};
|
|
#define to_usb_serial_driver(d) container_of(d, struct usb_serial_driver, driver)
|
|
|
|
extern int usb_serial_register(struct usb_serial_driver *driver);
|
|
extern void usb_serial_deregister(struct usb_serial_driver *driver);
|
|
extern void usb_serial_port_softint(struct usb_serial_port *port);
|
|
|
|
extern int usb_serial_probe(struct usb_interface *iface, const struct usb_device_id *id);
|
|
extern void usb_serial_disconnect(struct usb_interface *iface);
|
|
|
|
extern int usb_serial_suspend(struct usb_interface *intf, pm_message_t message);
|
|
extern int usb_serial_resume(struct usb_interface *intf);
|
|
|
|
extern int ezusb_writememory (struct usb_serial *serial, int address, unsigned char *data, int length, __u8 bRequest);
|
|
extern int ezusb_set_reset (struct usb_serial *serial, unsigned char reset_bit);
|
|
|
|
/* USB Serial console functions */
|
|
#ifdef CONFIG_USB_SERIAL_CONSOLE
|
|
extern void usb_serial_console_init (int debug, int minor);
|
|
extern void usb_serial_console_exit (void);
|
|
extern void usb_serial_console_disconnect(struct usb_serial *serial);
|
|
#else
|
|
static inline void usb_serial_console_init (int debug, int minor) { }
|
|
static inline void usb_serial_console_exit (void) { }
|
|
static inline void usb_serial_console_disconnect(struct usb_serial *serial) {}
|
|
#endif
|
|
|
|
/* Functions needed by other parts of the usbserial core */
|
|
extern struct usb_serial *usb_serial_get_by_index (unsigned int minor);
|
|
extern void usb_serial_put(struct usb_serial *serial);
|
|
extern int usb_serial_generic_open (struct usb_serial_port *port, struct file *filp);
|
|
extern int usb_serial_generic_write (struct usb_serial_port *port, const unsigned char *buf, int count);
|
|
extern void usb_serial_generic_close (struct usb_serial_port *port, struct file *filp);
|
|
extern int usb_serial_generic_resume (struct usb_serial *serial);
|
|
extern int usb_serial_generic_write_room (struct usb_serial_port *port);
|
|
extern int usb_serial_generic_chars_in_buffer (struct usb_serial_port *port);
|
|
extern void usb_serial_generic_read_bulk_callback (struct urb *urb);
|
|
extern void usb_serial_generic_write_bulk_callback (struct urb *urb);
|
|
extern void usb_serial_generic_throttle (struct usb_serial_port *port);
|
|
extern void usb_serial_generic_unthrottle (struct usb_serial_port *port);
|
|
extern void usb_serial_generic_shutdown (struct usb_serial *serial);
|
|
extern int usb_serial_generic_register (int debug);
|
|
extern void usb_serial_generic_deregister (void);
|
|
|
|
extern int usb_serial_bus_register (struct usb_serial_driver *device);
|
|
extern void usb_serial_bus_deregister (struct usb_serial_driver *device);
|
|
|
|
extern struct usb_serial_driver usb_serial_generic_device;
|
|
extern struct bus_type usb_serial_bus_type;
|
|
extern struct tty_driver *usb_serial_tty_driver;
|
|
|
|
static inline void usb_serial_debug_data(int debug,
|
|
struct device *dev,
|
|
const char *function, int size,
|
|
const unsigned char *data)
|
|
{
|
|
int i;
|
|
|
|
if (debug) {
|
|
dev_printk(KERN_DEBUG, dev, "%s - length = %d, data = ", function, size);
|
|
for (i = 0; i < size; ++i)
|
|
printk ("%.2x ", data[i]);
|
|
printk ("\n");
|
|
}
|
|
}
|
|
|
|
/* Use our own dbg macro */
|
|
#undef dbg
|
|
#define dbg(format, arg...) do { if (debug) printk(KERN_DEBUG "%s: " format "\n" , __FILE__ , ## arg); } while (0)
|
|
|
|
|
|
|
|
#endif /* ifdef __LINUX_USB_SERIAL_H */
|
|
|