rpms/kernel/F-11 linux-2.6-ftdi-oops.patch,1.1,1.2

[David Woodhouse]

Author: dwmw2

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10346

Modified Files:
	linux-2.6-ftdi-oops.patch 
Log Message:
update changelog now it's upstream

linux-2.6-ftdi-oops.patch:

Index: linux-2.6-ftdi-oops.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/linux-2.6-ftdi-oops.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- linux-2.6-ftdi-oops.patch	18 May 2009 12:34:36 -0000	1.1
+++ linux-2.6-ftdi-oops.patch	19 May 2009 09:52:54 -0000	1.2
@@ -1,3 +1,35 @@
+commit 80193195f87ebca6d7417516d6edeb3969631c15
+Author: David Woodhouse <dwmw2 at infradead.org>
+Date:   Mon May 18 13:07:35 2009 +0100
+
+    Fix oops on close of hot-unplugged FTDI serial converter
+    
+    Commit c45d6320 ("fix reference counting of ftdi_private") stopped
+    ftdi_sio_port_remove() from directly freeing the port-private data, with
+    the intention if the port was still open, it would be freed when
+    ftdi_close() is eventually called and releases the last refcount on the
+    structure.
+    
+    That's all very well, but ftdi_sio_port_remove() still contains a call
+    to usb_set_serial_port_data(port, NULL) -- so by the time we get to
+    ftdi_close() for the port which was unplugged, it _still_ oopses on
+    dereferencing that NULL pointer, as it did before (and does in 2.6.29).
+    
+    The fix is just not to clear the private data in ftdi_sio_port_remove().
+    Then the refcount is properly reduced to zero when the final kref_put()
+    happens in ftdi_close().
+    
+    Remove a bogus comment too, while we're at it. And stop doing things
+    inside "if (priv)" -- it must _always_ be there.
+    
+    Based loosely on an earlier patch by Daniel Mack, and suggestions by
+    Alan Stern.
+    
+    Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
+    Tested-by: Daniel Mack <daniel at caiaq.de>
+    Cc: stable at kernel.org
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
 commit c45d63202fbaccef7ef7946c03f27f72c809b1cc
 Author: Alan Stern <stern at rowland.harvard.edu>
 Date:   Thu Apr 30 10:06:19 2009 -0400
@@ -19,28 +51,6 @@ Date:   Thu Apr 30 10:06:19 2009 -0400
     Cc: stable <stable at kernel.org>
     Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
 
-
-Subject: [PATCH] Fix oops on close of hot-unplugged FTDI serial converter
-Date: 	Mon, 18 May 2009 00:53:17 +0100
-
-When the device is removed, ftdi_sio_port_remove() calls
-usb_set_serial_port_data(port, NULL).
-
-When userspace subsequently _closes_ the device, ftdi_close() oopses on
-dereferencing that NULL pointer.
-
-The fix is just not to clear the private data in ftdi_sio_port_remove().
-The refcount on the structure reaches zero when the port is closed by
-userspace and the final kref_put() happens in ftdi_close().
-
-Remove a bogus comment too, while we're at it. And stop doing things
-inside "if (priv)" -- it must _always_ be there.
-
-Based loosely on an earlier patch by Daniel Mack, and suggestions by
-Alan Stern.
-
-Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
-
 --- a/drivers/usb/serial/ftdi_sio.c.29	2009-05-18 12:18:13.000000000 +0100
 +++ b/drivers/usb/serial/ftdi_sio.c	2009-05-18 12:18:18.000000000 +0100
 @@ -56,6 +56,7 @@ static __u16 vendor = FTDI_VID;