From 18a77b5d237a67d2c621a46f5271a3b51da1b380 Mon Sep 17 00:00:00 2001 From: Henry Gebhardt Date: Wed, 4 Nov 2009 11:19:28 +0100 Subject: USB: cdc_acm: Fix race condition when opening tty If acm_rx_tasklet() gets called before tty_port_block_til_ready() returns, then bulk IN urbs may not be sent. This fixes it. Signed-off-by: Henry Gebhardt Acked-by: Oliver Neukum Cc: stable Signed-off-by: Greg Kroah-Hartman --- drivers/usb/class/cdc-acm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/usb/class/cdc-acm.c') diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index e3861b21e77..b72fa49eb25 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -609,9 +609,9 @@ static int acm_tty_open(struct tty_struct *tty, struct file *filp) acm->throttle = 0; - tasklet_schedule(&acm->urb_task); set_bit(ASYNCB_INITIALIZED, &acm->port.flags); rv = tty_port_block_til_ready(&acm->port, tty, filp); + tasklet_schedule(&acm->urb_task); done: mutex_unlock(&acm->mutex); err_out: -- cgit v1.2.3 From 051522bb47797f7168a617a0752d7ddc1a2f6f24 Mon Sep 17 00:00:00 2001 From: Francesco Lavra Date: Tue, 3 Nov 2009 10:53:07 +0000 Subject: USB: cdc_acm: Fix memory leak after hangup Am Donnerstag, 10. September 2009 15:43:53 schrieb Dietmar Hilbrich: > Hello, > > i have the following problem with the cdc-acm - driver: > > I'm using the driver with an "Ericsson F3507G" on a Thinkpad T400. > > If a disable the device (with the RFKill-Switch) while it is used by a > programm like ppp, the driver doesn't seem to correctly clean up the tty, > even after the program has been closed) > > The tty is still active (e.g. there still exists an entry in > /sys/dev/char/166:0 if ttyACM0 was used) and if a reacticate the device, > this device entry will be skipped and the Device-Nodes ttyACM1, ttyACM2 > and ttyACM3 will be used. > > This problem was introduced with the commit > 10077d4a6674f535abdbe25cdecb1202af7948f1 (before 2.6.31-rc1) and still > exists in 2.6.31. > > I was able the fix this problem with the following patch: > > diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c > index 2bfc41e..0970d2f 100644 > --- a/drivers/usb/class/cdc-acm.c > +++ b/drivers/usb/class/cdc-acm.c > @@ -676,6 +676,7 @@ static void acm_tty_hangup(struct tty_struct *tty) > struct acm *acm = tty->driver_data; > tty_port_hangup(&acm->port); > acm_port_down(acm, 0); > + acm_tty_unregister(acm); > } I have the same problem with cdc-acm (I'm using a Samsung SGH-U900): when I unplug it from the USB port during a PPP connection, the ppp daemon gets the hangup correctly (and closes the device), but the struct acm corresponding to the device disconnected is not freed. Hence reconnecting the device results in creation of /dev/ttyACM(x+1). The same happens when the system is hibernated during a PPP connection. This memory leak is due to the fact that when the tty is hung up, tty_port_close_start() returns always zero, and acm_tty_close() never reaches the point where acm_tty_unregister() is called. Here is a fix for this. Signed-off-by: Francesco Lavra Acked-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman --- drivers/usb/class/cdc-acm.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'drivers/usb/class/cdc-acm.c') diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index b72fa49eb25..e4eca7810bc 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -686,15 +686,21 @@ static void acm_tty_close(struct tty_struct *tty, struct file *filp) /* Perform the closing process and see if we need to do the hardware shutdown */ - if (!acm || tty_port_close_start(&acm->port, tty, filp) == 0) + if (!acm) + return; + if (tty_port_close_start(&acm->port, tty, filp) == 0) { + mutex_lock(&open_mutex); + if (!acm->dev) { + tty_port_tty_set(&acm->port, NULL); + acm_tty_unregister(acm); + tty->driver_data = NULL; + } + mutex_unlock(&open_mutex); return; + } acm_port_down(acm, 0); tty_port_close_end(&acm->port, tty); - mutex_lock(&open_mutex); tty_port_tty_set(&acm->port, NULL); - if (!acm->dev) - acm_tty_unregister(acm); - mutex_unlock(&open_mutex); } static int acm_tty_write(struct tty_struct *tty, -- cgit v1.2.3