If serial_open() fails at the port assignment or mutex_lock_interruptible()
is interrupted, the 'serial' object will never be freed.
We should call kref_put() when those errors happens.
Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
If the device is disconnected while serial_open() is executing and
either try_module_get() or the device specific open function fails, the
kref_put() call in the 'bailout_kref_put' label will free the memory
pointed out by 'port'.
The subsequent dereferences in the 'bailout_kref_put' label will be
invalid.
The fix is just to assure kref_put() is called after any 'port' usage.
Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The usbserial's port semaphore used to synchronize serial_open()
and serial_close() are strict mutexes, convert them to the mutex
implementation.
Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes a use-after-free bug in the usb-serial core. It is simple to
trigger this (open a usb-serial port, then yank the device out before
closing the port.) Thanks to Stefan Seyfried <seife@suse.de> for
reporting this, and to the slab debugging code which enabled it to be
tracked down.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
There is a race-condition in usb-serial driver that can be triggered if
a processes does 'port->tty->driver_data = NULL' in serial_close() while
other processes is in kernel-space about to call serial_ioctl() on the
same port.
This happens because a process can open the device while there is
another one closing it.
The patch below fixes that by adding a semaphore to ensure that no
process will open the device while another process is closing it.
Note that we can't use spinlocks here, since serial_open() and
serial_close() can sleep.
Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Checks if 'port' is NULL before using it in all tty operations, this
can avoid NULL pointer dereferences.
Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This lets drivers, like the usb-serial ones, disable the ability to add
ids from sysfs.
The usb-serial drivers are "odd" in that they are really usb-serial bus
drivers, not usb bus drivers, so the dynamic id logic will have to go
into the usb-serial bus core for those drivers to get that ability.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
These numbers are pointless, as they have not been changed in _years_,
so we should just remove them to stop pretending there is an actual
"version number" for these drivers.
This should also help reduce confusion when people try to ask for
support of a specific driver version, as there has been no way to tell
what they are talking about.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes up a lot of problems in sysfs with some of the usb serial
drivers, they had incorrect driver names. Also saves a tiny ammount
of memory.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
I'm tired of trying to explain why a "device_type" is really a driver.
This better describes exactly what this structure is.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The following patch removes unneeded casts for the following (void *) pointers:
- tty_struct->driver_data
- void *private argument of usb_serial_port_softint()
Signed-off-by: Tobias Klauser <tklauser@nuerscht.ch>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
At module load time, if a generic device is found, the tty information
for the device is not set up properly (as the tty structures aren't initialized
yet.) This can cause big problems for things like udev. This patch fixes this.
Thanks to Kay Sievers for the original patch for this problem.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!